LDAP Authentication Method

If you want to employ LDAP for user authentication with your Cumulus installation, you need profound LDAP knowledge to configure the set up for the co-operation between your existing LDAP server configuration and the Cumulus user management properly. In order to employ LDAP for user authentication with your Cumulus installation, you don’t need to change your existing LDAP schema or contents to add information needed for Cumulus.

The Cumulus LDAP Authenticator can be used in the following scenarios:

• The user is already included in the $Users catalog of Cumulus and the password should be checked using an existing LDAP server configuration.

• The user is already included in the $Users catalog of Cumulus and the E-Mail Address field of her/his properties should be filled using an existing LDAP server configuration.

• The user is already included in an existing LDAP server configuration and no separate entry (user record in the $Users catalog) should be created for the user (with the role-based user management only).

The LDAP Authenticator is part of the Cumulus Server installation. It is configured through the LDAP.xml file in the conf folder (located in the Cumulus Server installation folder). The Server installation provides two example files that are pre-configured for ActiveDirectory and OpenDirectory LDAP schemes. It is best to start making a copy of the example that fits your LDAP installation and rename it to LDAP.xml. The provided pre-configured files contain detailed comments on the configuration items. If you use any other LDAP scheme than ActiveDirectory and OpenDirectory (e.g. eDirectory), you have to adapt the structure to the structure of your LDAP scheme.

The LDAP.xml file contains the LDAP host name and also the distinguished name (DN) of a user that is allowed to read the necessary LDAP information. The file also contains the password of this user in clear text so you should set up file permissions so that the LDAP.xml cannot be read by unauthorized users.