 Post subject: Integrating ChatBlazer 8 with your LDAP Directory
PostPosted: Wed Apr 14, 2010 8:20 am 
Support Staff

The LDAP module is included in the Enterprise Edition of the ChatBlazer server license. With the LDAP module, you can integrate ChatBlazer with your directory service if it supports LDAP, e.g. Sun One, Sun Directory Server, Novell eDirectory, OpenLDAP, Microsoft Active Directory, etc.

Suppose a typical user in your organization is represented by the DN cn=FirstName LastName,ou=People,o=mycompany.com. The following example will use this DN for values that are affected.

Server Configuration
On the server side, you need to edit the configuration file conf.xml:
<module name="ldap" active="true">
   <ldap-config>
      <!--
         type:
            Novell eDirectory = "novell"
            Microsoft Active Directory = "msad"
            OpenLDAP, Netscape Directory Server, Sun Java System Directory Server
            and others, leave blank.
         searchScope:
            base (default), one, subtree
      -->
      <server type="" host="ldap://127.0.0.1" base-dn="dc=mycompany,dc=com"
         user="cn=Manager,dc=mycompany,dc=com" password="secret" encoding="utf-8"
         searchScope="base"/>
      <!-- Default assumes password is stored in SHA with {SHA} prefixed in front of password. -->
      <password-comparator class="com.chatblazer.ldap.LdapPasswordComparator"
         base64="1" hash="sha" prefix="{SHA}" />
      <attr-map-set name="default" objectclass="top,person,organizationalPerson,inetOrgPerson">
         <attr-map name="password" mapped-name="userpassword" />
      </attr-map-set>
      <!--
         NDS can sometimes store "inetOrgPerson" in all lowercase, so add another
         attr-map-set to cater to that case difference.
      -->
      <attr-map-set name="lowercase" objectclass="top,person,organizationalPerson,inetorgperson">
         <attr-map name="password" mapped-name="userpassword" />
      </attr-map-set>
   </ldap-config>
</module>

For a detailed explanation of the configuration elements above, refer to this LDAP guide. In most instances, these are the changes that have to be made:
  • Specify the host address of your directory (LDAP server).
  • Specify an LDAP account that has permission to browse user nodes in the directory. This is specified in the "user" and "passwd" attributes of <server>.
  • The default password comparator can compare passwords in MD5 or SHA. Specify the prefix if any.

Client Configuration
On the client side, edit config.xml to include the info attribute in the <login> element:
<login
.
.
.
allowrelogin="true"
allowremember="true"
info="dn.search=cn=$cb_name,ou=People"
/>

The value of this attribute must include a "dn.search" property, the value being the DN prefix that will be added to your base DN when searching the directory. You can use the placeholder $cb_name to substitute the user's login name into the property.

The use of $cb_name is optional. If you omit it, you will most probably need to include the user's unique UID in the parameter value using a dynamic configuration page.

List of updates relevant in ChatBlazer 8:
  • Added "searchScope" attribute. This can be configured to change the scope of the LDAP search.
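The default comparator settings in the post above (base64="1" hash="sha" prefix="{SHA}") describe a stored value of the form prefix + base64(digest). The following is an added example, not ChatBlazer's code or part of the original post, showing how such a value is built and checked and how a stored value with a different scheme prefix is rejected. It assumes hash="sha" means SHA-1 as in the standard LDAP {SHA} scheme; the function names are hypothetical.

```python
import base64
import hashlib
import hmac

# Maps the comparator's hash="..." value to a hashlib name. Treating "sha" as
# SHA-1 follows the standard LDAP {SHA} scheme and is an assumption here.
HASHES = {"sha": "sha1", "md5": "md5"}


def encode_userpassword(password, hash_attr="sha", prefix="{SHA}", encoding="utf-8"):
    """Build the stored value: prefix + base64(digest(password))."""
    digest = hashlib.new(HASHES[hash_attr], password.encode(encoding)).digest()
    return prefix + base64.b64encode(digest).decode("ascii")


def scheme_of(stored):
    """Return the {SCHEME} prefix of a stored value, or "" if it has none."""
    if stored.startswith("{") and "}" in stored:
        return stored[: stored.index("}") + 1]
    return ""


def compare_password(candidate, stored, hash_attr="sha", prefix="{SHA}", encoding="utf-8"):
    """True only if stored carries the configured prefix and the digests match."""
    if scheme_of(stored).upper() != prefix.upper():
        # e.g. the directory stores {SSHA} but the comparator expects {SHA}
        return False
    expected = encode_userpassword(candidate, hash_attr, prefix, encoding)
    # Constant-time comparison of the base64 part only, as bytes.
    return hmac.compare_digest(
        expected[len(prefix):].encode("utf-8"),
        stored[len(prefix):].encode("utf-8"),
    )


# Constructed sample entry: the userpassword value for the password "secret".
SAMPLE_STORED = encode_userpassword("secret")
```

The scheme is unsalted, so two users with the same password get identical userpassword values; that is a property of {SHA} and {MD5} storage in the directory, not of the comparator.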


 Post subject: Primer for using LDAP search scope in ChatBlazer
PostPosted: Tue May 18, 2010 10:34 pm 
Support Staff

ChatBlazer now supports searching by different scopes when looking up your user entries in your LDAP directory. The three standard scopes are supported -- base, one and subtree, with base being the default.

To change the search scope, modify the LDAP settings in the server configuration. Note the "searchScope" attribute.
<module name="ldap" active="false">
   <ldap-config>
      <!--
         type:
            Novell eDirectory = "novell"
            Microsoft Active Directory = "msad"
            OpenLDAP, Netscape Directory Server, Sun Java System Directory Server
            and others, leave blank.
         searchScope:
            base (default), one, subtree
      -->
      <server type="" host="ldap://127.0.0.1" base-dn="dc=mycompany,dc=com"
         user="cn=Manager,dc=mycompany,dc=com" password="secret" encoding="utf-8"
         searchScope="subtree"/>

To trigger searching by scope instead of direct binding, the client configuration needs to send a search filter parameter. This uses typical LDAP search filter syntax:
(&(objectClass=person)(username={0}))

[ChatBlazer substitutes the {0} token with the name provided by the client during login.]

Specify this value in the client configuration in the "login" section. Notice that the "dn.search" field is not present; it is replaced with "dn.filter".
<login allowmember="true" allowguest="true" defaultmember="false" allowrelogin="true" allowremember="true"
   info="dn.filter=(%26(objectClass=person)(cn={0}))" >
   <direct-login enabled="false" username="" password="" />
   <direct-entry enabled="false" roomname="" roomid="" password="" />
   <direct-private-chat enabled="false" cid="" />
</login>

Notes:
  • The "info" attribute is a set of URL-encoded parameters, similar to an HTTP query string. Use & to separate value pairs, and since this is in XML, the & is represented by &amp;.
  • Since each value pair is URL-encoded, any non-alphanumeric character should be URL-encoded, e.g. & == %26.

Effectively, this allows you to search for users with different DN structures, e.g. cn=UserA,ou=ABC,o=MyCompany and cn=UserB,ou=DEF,o=MyCompany.



_________________
Samuel
ChatBlazer Support
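The two encoding layers of the "info" attribute and the {0} substitution described in the post above, as an added example that is not ChatBlazer's code or part of the original post. The post does not say whether ChatBlazer escapes the login name before substituting it, so the RFC 4515 escaping shown here is the behaviour to verify on your server; the function names and the "example.key" parameter are constructed for illustration.

```python
from urllib.parse import parse_qsl, quote
from xml.sax.saxutils import escape, unescape

# Characters RFC 4515 requires to be escaped inside a filter assertion value.
_FILTER_SPECIALS = {"\\", "*", "(", ")", "\x00"}
# Characters the post's own dn.filter example leaves un-encoded in the value.
_SAFE = "(){}="

FILTER = "(&(objectClass=person)(cn={0}))"  # filter template from the post


def escape_filter_value(value):
    """Escape a login name as backslash-hex pairs so it stays a literal value."""
    return "".join(f"\\{ord(c):02x}" if c in _FILTER_SPECIALS else c for c in value)


def expand_filter(template, login_name):
    """Replace the {0} token with the escaped login name."""
    return template.replace("{0}", escape_filter_value(login_name))


def build_info(params):
    """URL-encode each pair, join with &, then XML-escape for the attribute."""
    pairs = [f"{quote(k)}={quote(v, safe=_SAFE)}" for k, v in params.items()]
    return escape("&".join(pairs), {'"': "&quot;"})


def parse_info(attr_text):
    """Reverse build_info: XML-unescape, split on &, URL-decode each pair."""
    raw = unescape(attr_text, {"&quot;": '"'})
    return dict(parse_qsl(raw, keep_blank_values=True))


if __name__ == "__main__":
    # Reproduces the info="..." value shown in the post.
    print(build_info({"dn.filter": FILTER}))
    # A second, constructed pair shows the &amp; separator.
    print(build_info({"dn.filter": FILTER, "example.key": "1"}))
    # A name containing filter metacharacters stays a single literal value.
    print(expand_filter(FILTER, "J (x)*"))
```

If the & inside the filter were left un-encoded, parse_info would split the filter at that point and "dn.filter" would receive only "(".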