Specifying an LDAP User Directory
Although ColdFusion includes a Netscape LDAP directory you can use as a user directory, you can specify any LDAP directory you may already have to provide authentication services for Advanced security. As with the Windows NT domain, you use native LDAP management tools to add or change user or group information.
To identify a user directory:
- In the Advanced Server Security page of the Administrator, click the User Directories button.
- Enter a name for the user directory in the User Directory text box and click Add.
- In the New User Directory page, enter descriptive information about the directory you are creating.
- Select Windows NT or LDAP in the Namespace drop-down menu.
- Enter a valid server name. If you chose Windows NT as the namespace, the server name must match the domain server name. If you chose LDAP as the namespace, the server you specify must host a valid LDAP directory.
You can add multiple user directories; once defined, all user directories become available to the security contexts defined for this security server.
- Enter a username (the user's Distinguished Name, or DN) and the corresponding password, if applicable.
- Select Secure Connect to encrypt the transmission of authentication information. Secure Connect must be enabled when accessing an LDAP server over Secure Sockets Layer (SSL).
The Add User Directory to Existing Security Context box is checked by default. This setting enables you to add users to existing security contexts automatically. If you disable this option, users must be manually associated with a security context.
Entering LDAP directory options
If you selected LDAP as the domain namespace when defining a new user directory, you need to enter information to help ColdFusion interact with the LDAP directory.
To define LDAP options:
- Enter a Search Root. The Search Root must point to the branch of the LDAP tree where a user namespace logically begins. Typically, this branch represents an "organization" or an "organizational unit" and corresponds to one user directory.
- Enter a Lookup Start. This is used to construct the non-unique beginning of the DN string. An example would be: uid=.
- Enter a Lookup End. This is used to construct the part of the DN string that follows the user ID. An example of a lookup end would be: ,ou=marketing,o=widgetinc.com.
- Enter a Search Timeout. This is the maximum amount of time (in seconds) you want a directory search to take.
- Enter a Search Results value. This is the maximum number of results you want the search to return.
- Select a Search Scope from the drop-down list to set the depth of your search. For example, if you want to be able to access everything under the search root, select the Subtree option. Otherwise, select the One Level option.
- Click Add.
The Add User Directory to Existing Security Context box is checked by default. This setting enables you to add users to existing security contexts automatically.
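
How the Lookup Start and Lookup End settings above combine with a user ID into a DN, as an added example that is not ColdFusion's code or part of the original documentation. It assumes the DN is the plain concatenation Lookup Start + user ID + Lookup End, and it escapes the user ID per RFC 4514 so that a value containing a comma stays inside one RDN; the function names are hypothetical.

```python
# Added example, not ColdFusion's own code. Assumes the DN is the plain
# concatenation Lookup Start + user ID + Lookup End.
LOOKUP_START = "uid="                          # example value from the page
LOOKUP_END = ",ou=marketing,o=widgetinc.com"   # example value from the page

_SPECIAL = set('"+,;<>\\')  # characters RFC 4514 requires escaping in a value


def escape_dn_value(value):
    """Escape an attribute value for use inside a DN (RFC 4514)."""
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in _SPECIAL or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def build_user_dn(user_id, start=LOOKUP_START, end=LOOKUP_END):
    """Return Lookup Start + escaped user ID + Lookup End."""
    if not user_id:
        raise ValueError("empty user ID would yield a DN with an empty RDN value")
    return start + escape_dn_value(user_id) + end


def split_rdns(dn):
    """Split a DN on unescaped commas (sufficient to count RDNs here)."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])   # keep the escaped pair together
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    parts.append("".join(cur))
    return parts


if __name__ == "__main__":
    for uid in ("jdoe", "jdoe,ou=admins"):     # constructed sample inputs
        dn = build_user_dn(uid)
        print(dn, "->", len(split_rdns(dn)), "RDNs")
```

With the page's example settings, both sample user IDs produce a DN of exactly three RDNs, so the user ID cannot move the entry to a different branch of the tree.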
Next step: Defining a Security Context.
AllaireDoc@allaire.com
Copyright © 1998, Allaire Corporation. All rights reserved.