

Built-In LDAP Provider

SSH Tectia Certifier contains a built-in LDAP Provider, which can be used to generate notification messages from an LDAP directory. The LDAP Provider can be used in the IIM initial deployment phase or when no real-time notification provider or plug-in is available in the identity management system.

Instead of performing LDAP search operations, the LDAP Provider can also read LDIF files and generate properly formatted notifications from them.

DTD definition for LDAP Provider Configuration file XML document structure:

<!--                                                     -->
<!-- PCDATA <> Parsed Character Data.                    -->
<!-- CDATA <> Character Data.                            -->
<!--                                                     -->
<!-- EMPTY   <> Element has no child elements nor        -->
<!--            character data, but can have attributes. -->
<!--                                                     -->
<!-- #REQUIRED <> Attribute value is required.           -->
<!--                                                     -->
<!-- #IMPLIED <> Attribute value is optional and has no  -->
<!--             default value.                          -->
<!--                                                     -->
<!-- * <> zero or more                                   -->
<!-- + <> one or more                                    -->
<!-- ? <> optional                                       -->
<!--                                                     -->
<!-- Parameter: one name/value pair belonging to an      -->
<!-- Action, e.g. an LDAP search base, scope or filter.  -->
<!ELEMENT Parameter        EMPTY >
<!ATTLIST Parameter        paramName CDATA #REQUIRED
                                 paramValue CDATA #REQUIRED >
<!-- Action: a notification type with zero or more       -->
<!-- Parameters; "type" must be one of the five listed   -->
<!-- values, nothing else validates.                     -->
<!ELEMENT Action           (Parameter)* >
<!ATTLIST Action           type (Add | Modify | Delete | Disable | Enable) #REQUIRED >
<!-- ActionList: zero or more Actions. The "*" means an  -->
<!-- empty list is valid even though the example comment -->
<!-- speaks of "one or more".                            -->
<!ELEMENT ActionList       (Action)* >
<!-- Attribute: one entity attribute to include in the   -->
<!-- notification message; attrName is the attribute     -->
<!-- name as used in the directory (e.g. cn, sn, mail).  -->
<!ELEMENT Attribute        EMPTY >
<!ATTLIST Attribute        attrName CDATA #REQUIRED >
<!ELEMENT AttributeList    (Attribute)* >
<!-- EntityPrimaryKey: name of the attribute that        -->
<!-- uniquely identifies an entity (the example notes it -->
<!-- is currently ignored).                              -->
<!ELEMENT EntityPrimaryKey (#PCDATA) >
<!-- Option: a provider-wide setting such as the LDAP    -->
<!-- server URL or bind credentials. optValue is plain   -->
<!-- CDATA, so a password placed here is stored in       -->
<!-- cleartext in the configuration file.                -->
<!ELEMENT Option           EMPTY >
<!ATTLIST Option           optName  CDATA #REQUIRED
                                 optValue CDATA #REQUIRED >
<!ELEMENT ProviderOptions  (Option)* >
<!-- Configuration: document root. Its four children are -->
<!-- each mandatory and must appear in exactly this      -->
<!-- order.                                              -->
<!ELEMENT Configuration    (ProviderOptions, 
                                  EntityPrimaryKey,
                                  AttributeList,
                                  ActionList) >

An example of the LDAP Provider configuration file XML document is shown below:

<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE Configuration SYSTEM "ext_id_ldap_conf_dtd.dtd">
<!--                                                     -->
<!-- The SYSTEM identifier above names an external DTD   -->
<!-- that the parser loads (and whose declarations,      -->
<!-- including any entities, are expanded) when this     -->
<!-- file is read. Keep the referenced DTD a local,      -->
<!-- trusted copy rather than a path outside the         -->
<!-- configuration directory.                            -->
<!--                                                     -->
<Configuration>

  <!--                                                 -->
  <!--  Each provider has own provider specific        -->
  <!--  general configuration options to e.g. specify  -->
  <!--  the LDAP server connection parameters.         -->    
  <!--                                                 -->    
  <!--  Security notes for the options below:          -->
  <!--  - LdapUserPassword is stored here in cleartext,-->
  <!--    so restrict read access to this file to the  -->
  <!--    account running the provider.                -->
  <!--  - An ldap:// URL (port 389) sends the bind     -->
  <!--    credentials without transport encryption     -->
  <!--    unless StartTLS is negotiated; prefer an     -->
  <!--    ldaps:// URL if the provider and server      -->
  <!--    support it (confirm in the product docs).    -->
  <!--  - LdapUserName is the bind DN; it only needs   -->
  <!--    read rights on the searched subtree.         -->
  <!--                                                 -->
  <ProviderOptions>
    <Option optName="ProviderID" optValue="12345" />
    <Option optName="LdapServerUrl" optValue="ldap://srv:389/" />
    <Option optName="LdapUserName" optValue="CN=Mgr,O=SSH,C=FI" />
    <Option optName="LdapUserPassword" optValue="password" />
  </ProviderOptions>


  <!--                                                    -->
  <!--  Entity primary key specifies the attribute        -->
  <!--  that is a unique identifier for each IIM entity   -->
  <!--  in the provider specific IIM system.              -->
  <!--  However the EntityPrimaryKey is currently ignored.-->
  <!--  (The element is still mandatory per the DTD.)     -->
  <!--                                                    -->
  <EntityPrimaryKey>DN</EntityPrimaryKey>


  <!--                                                    -->
  <!--  Attribute list specifies the provider and IIM     -->
  <!--  system specific entity attributes that are        -->
  <!--  required in the notification message.             -->
  <!--  Only list attributes the notification consumer    -->
  <!--  actually needs; every attribute named here is     -->
  <!--  copied into the outgoing message.                 -->
  <!--                                                    -->
  <AttributeList>
    <Attribute attrName="DN"/>
    <Attribute attrName="cn"/>
    <Attribute attrName="sn"/>
    <Attribute attrName="givenname"/>
    <Attribute attrName="mail"/>
    <Attribute attrName="mobile"/>
  </AttributeList>

  <ActionList>
    <!--                                                          -->
    <!--  Action list contains one or more action definitions.    -->
    <!--  (The DTD itself allows an empty list.)                  -->
    <!--  Each action can have provider specific action rules,    -->
    <!--  which triggers the action type identified notification. -->
    <!--  E.g. the action parameters can be used to define        -->
    <!--  LDAP search filters.                                    -->
    <!--                                                          -->
    <!--  Base/Scope/Filter form the LDAP search for this action. -->
    <!--  SearchSizeLimit and SearchTimeLimit presumably cap the  -->
    <!--  number of entries and the seconds per search; keep them -->
    <!--  set so a large directory cannot stall the provider.     -->
    <!--  Confirm the exact units in the product documentation.   -->
    <!--                                                          -->
    <Action type="Add">
      <Parameter paramName="Base" paramValue="o=ssh,c=fi" />
      <Parameter paramName="Scope" paramValue="sub" />
      <Parameter paramName="Filter" paramValue="(objectClass=erPersonItem)" />
      <Parameter paramName="SearchSizeLimit" paramValue="50" />
      <Parameter paramName="SearchTimeLimit" paramValue="30" />
    </Action>
  </ActionList>

</Configuration>


