'Authentication Search Filter' for Users in LDAP

Issue

  • At the moment, we are using LDAP server connection to authenticate our users.
  • Our question is: in which moment the query to authenticate users is executed? More exactly, when the field 'Authentication Search Filter' is applied?
  • We are using as 'Authentication Search Filter' this value: '(HJTconID=@screen_name@)'

Environment

  • DXP 7.3

Resolution

  • The field 'Authentication Search Filter' is defined to make a relationship between the field configured in DXP for login and the attribute which defines a user in LDAP.
  • The bind process between both servers DXP and LDAP follows these steps:
    • DXP requests an initial query to LDAP, using the 'Authentication Search Filter' .
      • Using the previous defined value, the query is equivalent to '(HJTconID=[[[Screen Name Used in Login]]])'
      • Then DXP checks if there is some value returned to resume or abort the process.
    • Next step, DXP makes a join between these both filters: 'Authentication Search Filter' and 'Import Search Filter' and requests to LDAP.
      • The query is equivalent to '(&([[[Authentication Search Filter]]])([[[Import Search Filter]]]))'
      • Returned value is used by DXP to populate user data using  configured 'User Mapping' fields.
    • Finally, DXP proceeds to import user memberships requesting to LDAP the filter 'Import Search Filter' from 'Groups' section.
      • The query is equivalent to '(&([[['User' field from 'Groups' section, usually 'uniqueMember']]]=[[[User DN]]])([[['Import Search Filter' from 'Groups' section]]]))'
  • Please, take into account those queries are requested only when user import is done during authentication. If import from LDAP configuration is defined ('Enable Import'option, 'Enable Import on Startup'option, 'Import Interval'field), DXP will only use 'Import Search Filter' filters to import users from LDAP.

 

 

 

这篇文章有帮助吗?
0 人中有 0 人觉得有帮助