Authentication using LDAP



LDAP (the Lightweight Directory Access Protocol) is used for accessing centralized directory services. This reduces the effort required to manage user accounts, because the same accounts can be used by multiple applications. One such LDAP server is Active Directory. LDAP is often used to achieve Single Sign On, which allows a user to access multiple applications after logging in once.

CubeDrive LDAP authentication


User accounts can be synchronized between the customer LDAP server and CubeDrive, with LDAP account details being saved in the CubeDrive repository. This allows the accounts to be assigned to CubeDrive groups for allocating the required permissions and privileges for the files.

CubeDrive uses LDAP authentication to authenticate such users: credentials are passed to the LDAP server for validation, which is required before access to CubeDrive is allowed. To improve performance, successfully validated credentials can be cached by CubeDrive, with an expiry timeout to ensure that revalidation occurs after an appropriate period.

Use of such accounts is transparent to your users: they see no difference between user and group accounts created from LDAP and those created solely in CubeDrive.

LDAP authentication occurs at the repository level, so it is enabled and configured by CubeDrive:

Configuring CubeDrive LDAP


In the CubeDrive system, all LDAP parameters are set in the following properties file:

[Tomcat]/webapps/cubedrive/WEB-INF/classes/ldap_security.properties

The following parameters are an example; change them to match what your system needs.
    
contextFactory=com.sun.jndi.ldap.LdapCtxFactory
contextFactory.url = ldap://localhost:389
contextFactory.baseDN = ou=People,dc=example,dc=com
contextFactory.securityAuthentication = simple
contextFactory.systemUsername = cn=admin
contextFactory.systemPassword = secret

ldapRealm.user.findByUserTemplate = cn={0}

ldapRealm.user.usernameAttribute=cn
ldapRealm.user.firstnameAttribute=givenName
ldapRealm.user.lastnameAttribute=sn
ldapRealm.user.email=mail
    

After you set up those parameters and restart Tomcat, you should be able to validate your existing accounts against your LDAP server.
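
The example values above use simple authentication over ldap:// and keep the service account password in the file itself. The following added example (not part of CubeDrive) parses a file in this format and flags those settings before deployment; the helper and check names are illustrative, the sample input is constructed from the values shown above, and it assumes the connection is not otherwise protected by TLS.

```python
import os
import stat
from urllib.parse import urlsplit

# Constructed sample: the example values shown on this page.
SAMPLE = """\
contextFactory=com.sun.jndi.ldap.LdapCtxFactory
contextFactory.url = ldap://localhost:389
contextFactory.securityAuthentication = simple
contextFactory.systemUsername = cn=admin
contextFactory.systemPassword = secret
"""

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # / ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)  # values such as cn=admin contain '='
        props[key.strip()] = value.strip()
    return props

def audit(props, file_mode=None):
    """Return (check_id, message) findings; check ids are illustrative names."""
    findings = []
    url = urlsplit(props.get("contextFactory.url", ""))
    auth = props.get("contextFactory.securityAuthentication", "").lower()
    if url.scheme == "ldap" and auth == "simple":
        findings.append(("cleartext-bind",
            "simple bind over ldap:// sends the bind DN and password "
            "unencrypted; use ldaps:// or another TLS-protected connection"))
    if props.get("contextFactory.systemPassword", "") in ("", "secret"):
        findings.append(("example-password",
            "systemPassword is empty or still the documentation example"))
    if file_mode is not None and file_mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append(("file-readable",
            "file holding systemPassword is readable by group or other"))
    return findings

def audit_file(path):
    """Audit a properties file on disk, including its permission bits."""
    with open(path, encoding="utf-8") as fh:
        props = parse_properties(fh.read())
    return audit(props, stat.S_IMODE(os.stat(path).st_mode))

if __name__ == "__main__":
    for check_id, message in audit(parse_properties(SAMPLE)):
        print(f"[{check_id}] {message}")
```

Run audit_file against the deployed ldap_security.properties as the Tomcat service user; an empty result means none of the three checks fired.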

LDAP Properties


In the CubeDrive system, all LDAP parameters are set in the ldap_security.properties file. The properties are described in the following table.

| Property | Example | Description |
| --- | --- | --- |
| contextFactory.url | $protocol://$ldaphost:$port | It is the URL of the LDAP service. |
| contextFactory.baseDN | ou=People,dc=example,dc=com | It is a comma-separated list of attribute and value pairs that define the User Distinguished Name (DN). The first pair must be set to "$attribute_name={0}", indicating that the $attribute_name is equal to the user token parsed from the request. |
| contextFactory.securityAuthentication | simple | It is the authentication mechanism. |
| contextFactory.systemUsername | cn=admin | It is the username to access your LDAP system. |
| contextFactory.systemPassword | secret | It is the password to access your LDAP system. |