The class com.coremedia.ldap.LdapUserProvider is an abstract base class for fetching LDAP entries. It provides all general LDAP-related functionality, in particular session handling, searching and caching. It is abstract with respect to the membership relation, which depends on the particular underlying LDAP schema. This class cannot be configured as the provider class in contentserver.properties but can be subclassed by concrete provider classes. It reads property files like the following example:
java.naming.security.principal=CN=Administrator,CN=Users, DC=example,DC=org
java.naming.security.credentials=admins password
com.coremedia.ldap.host=theLdapServer
com.coremedia.ldap.port=389
Example 3.11. Property file
The first two properties specify the account the Content Server uses to log on to the LDAP server. Note that the password is stored in cleartext, so restrict read access to the property file accordingly. The last two properties configure the LDAP host and port number. All properties that start with 'java.naming' are evaluated by the JNDI framework. They are not robust against trailing whitespace (a trailing blank becomes part of the DN or the password), so edit them carefully. The last two properties are mandatory.
com.coremedia.ldap.basedns=OU=Accounts,DC=example,DC=org; OU=Groups,DC=example,DC=org
com.coremedia.ldap.domains=example.org
com.coremedia.ldap.expiration=3600
com.coremedia.ldap.user.customattrs=mail
com.coremedia.ldap.group.customattrs=
Example 3.12. Property file
The first property configures a semicolon separated list of base distinguished names (DNs) under which groups and users must be located to be accessible by a Content Server.
Caution

Due to a bug in the JNDI implementation in Java 8, CoreMedia's LDAP integration cannot correctly cope with referrals. If you use Active Directory with Trust Relationships, you can only use DNs underneath the DC level. For instance, it works fine with

2016-03-01 16:24:23 [ERROR] com.coremedia.ldap.LdapUserProvider - Exception while serving com.coremedia.ldap.ad.ActiveDirectoryUserProvider#getUsers: java.util.Vector cannot be cast to java.lang.String
java.lang.ClassCastException: java.util.Vector cannot be cast to java.lang.String
    at com.sun.jndi.ldap.LdapReferralException.getNextReferral(LdapReferralException.java:241) ~[na:1.8.0_65]
    at com.sun.jndi.ldap.LdapReferralException.skipReferral(LdapReferralException.java:201) ~[na:1.8.0_65]
    at com.coremedia.ldap.impl.LdapConnector.ldapSearch(LdapConnector.java:335) ~[coremedia-ldap-7.1.11-5.jar:7.1.11-5]
The second property configures a semicolon separated list of domain names served by the LDAP server. The third value configures the interval in seconds after which a cached LDAP user in the Content Server is refreshed with modifications made in the LDAP server. Do not set a small value here, as this might lead to performance problems; bear in mind, though, that the value also bounds how long a change made in LDAP (for example a disabled account or a removed group membership) can go unnoticed by the Content Server. The last two properties are mandatory and hold a single space separated list of attribute names that are added to and accessible from the LdapUser and LdapGroup Java objects.
com.coremedia.ldap.ou.filter=(objectClass=organizationalUnit)
com.coremedia.ldap.member.filter=
Example 3.13. Properties
You may specify two sorts of filters: OU filters and member filters. An OU filter allows fine-grained configuration of the LDAP nodes to search in, but its use is not recommended, since it prevents subtree-scope search and therefore performs poorly. The value of the property must follow the LDAP search filter syntax described in RFC 2254. You may specify a member filter if needed. A member filter is a class which implements the com.coremedia.ldap.MemberFilter interface.
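The rules spread over Examples 3.11 to 3.13 (mandatory keys, JNDI's sensitivity to trailing whitespace, the semicolon separated base DNs and the DC-level restriction under Active Directory trusts, the expiration interval, and the RFC 2254 syntax of the OU filter) are easy to get wrong by hand. The following Python script is an added example, not CoreMedia code and not part of the original documentation: it lints those properties before the Content Server is started. The function names (parse_properties, split_dn, balanced_filter, lint), the ad_trusts flag, the 60-second threshold for "small" expiration values and the simplified .properties parser are all assumptions of this example; the two sample property sets are constructed from the page's values, with SAMPLE_BAD deliberately violating several rules.

```python
"""Added example, not CoreMedia code: lint the LDAP properties this page describes."""
import re

MANDATORY = ("com.coremedia.ldap.host", "com.coremedia.ldap.port",
             "com.coremedia.ldap.user.customattrs", "com.coremedia.ldap.group.customattrs")
MIN_EXPIRATION_SECONDS = 60   # assumption: the page only says "do not set a small value"
RDN_RE = re.compile(r"^\s*([A-Za-z][A-Za-z0-9-]*)\s*=\s*(.+?)\s*$")

def parse_properties(text):
    """Simplified java.util.Properties reader: '=' separator, '#'/'!' comments.
    Leading blanks are stripped from values, trailing blanks are kept, as
    Properties.load does, so a stray trailing blank stays visible to lint()."""
    props = {}
    for raw in text.splitlines():
        line = raw.lstrip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.lstrip()
    return props

def split_dn(dn):
    """'OU=Accounts,DC=example,DC=org' -> [('OU','Accounts'),('DC','example'),('DC','org')].
    Escaped commas inside values are not handled (the page's examples have none)."""
    rdns = []
    for part in dn.split(","):
        m = RDN_RE.match(part)
        if not m:
            raise ValueError(f"malformed RDN {part!r} in {dn!r}")
        rdns.append((m.group(1).upper(), m.group(2)))
    return rdns

def balanced_filter(flt):
    """Cheap RFC 2254 sanity check: wrapped in parentheses and balanced."""
    flt = flt.strip()
    if not (flt.startswith("(") and flt.endswith(")")):
        return False
    depth = 0
    for ch in flt:
        depth += 1 if ch == "(" else -1 if ch == ")" else 0
        if depth < 0:
            return False
    return depth == 0

def lint(props, ad_trusts=False):
    """One finding per violated rule; ad_trusts=True adds the Java 8 referral
    caveat (base DNs must stay at DC level when AD trust relationships exist)."""
    f = [f"missing mandatory property {k}" for k in MANDATORY if k not in props]
    # JNDI takes java.naming.* values verbatim, trailing blanks included.
    f += [f"{k} has trailing whitespace" for k, v in props.items()
          if k.startswith("java.naming") and v != v.rstrip()]
    port = props.get("com.coremedia.ldap.port")
    if port is not None and not (port.isdigit() and 0 < int(port) < 65536):
        f.append(f"invalid com.coremedia.ldap.port {port!r}")
    exp = props.get("com.coremedia.ldap.expiration")
    if exp is not None and not exp.strip().isdigit():
        f.append(f"com.coremedia.ldap.expiration is not an integer: {exp!r}")
    elif exp is not None and int(exp) < MIN_EXPIRATION_SECONDS:
        f.append(f"com.coremedia.ldap.expiration={exp.strip()} is small; expect cache churn")
    for dn in (d.strip() for d in props.get("com.coremedia.ldap.basedns", "").split(";")):
        if not dn:
            continue
        try:
            rdns = split_dn(dn)
        except ValueError as e:
            f.append(str(e))
            continue
        if ad_trusts and any(t != "DC" for t, _ in rdns):
            f.append(f"basedn {dn!r} is below DC level: hits the Java 8 referral bug with AD trusts")
    flt = props.get("com.coremedia.ldap.ou.filter", "")
    if flt.strip() and not balanced_filter(flt):
        f.append(f"ou.filter is not a well-formed RFC 2254 filter: {flt!r}")
    return f

# Constructed sample inputs built from the page's values; SAMPLE_BAD breaks several rules.
SAMPLE_BAD = "\n".join([
    "java.naming.security.principal=CN=Administrator,CN=Users,DC=example,DC=org",
    "java.naming.security.credentials=admins password" + " ",  # trailing blank
    "com.coremedia.ldap.host=theLdapServer",
    "com.coremedia.ldap.port=389",
    "com.coremedia.ldap.basedns=OU=Accounts,DC=example,DC=org; OU=Groups,DC=example,DC=org",
    "com.coremedia.ldap.expiration=5",
    "com.coremedia.ldap.user.customattrs=mail",      # group.customattrs is missing
    "com.coremedia.ldap.ou.filter=(objectClass=organizationalUnit",  # unbalanced
])
SAMPLE_GOOD = "\n".join([
    "java.naming.security.principal=CN=Administrator,CN=Users,DC=example,DC=org",
    "java.naming.security.credentials=admins password",
    "com.coremedia.ldap.host=theLdapServer",
    "com.coremedia.ldap.port=389",
    "com.coremedia.ldap.basedns=DC=example,DC=org",
    "com.coremedia.ldap.domains=example.org",
    "com.coremedia.ldap.expiration=3600",
    "com.coremedia.ldap.user.customattrs=mail",
    "com.coremedia.ldap.group.customattrs=",
    "com.coremedia.ldap.ou.filter=(objectClass=organizationalUnit)",
])

if __name__ == "__main__":
    print("\n".join(lint(parse_properties(SAMPLE_BAD), ad_trusts=True)) or "no findings")
```

Run against SAMPLE_BAD with ad_trusts=True the linter reports six findings (the missing group.customattrs key, the trailing blank in the credentials, the 5-second expiration, both OU-level base DNs, and the unbalanced filter); SAMPLE_GOOD, which keeps the base DN at DC level, yields none. The parser keeps trailing whitespace on purpose, since that is exactly what java.util.Properties hands to JNDI; a linter that trimmed values would hide the very mistake the page warns about.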