LDAP panel

LDAP (Lightweight Directory Access Protocol) is a lightweight client-server protocol for accessing directory servers. With LDAP support, the JReport Server enables you to import users/groups from directory servers.

This panel allows you to configure the JReport Server LDAP settings. It contains four tabs:

Server
Import
Synchronize
Role Map

Server

This tab allows you to configure LDAP server settings. See the tab.

Select LDAP Server

Specifies the Directory Server. Supported servers are: Novell Directory Server, iPlanet Directory Server, Microsoft Site Server, OpenLDAP Directory Server, Win2000 Active Directory, and Lotus Domino on NT.

Load Settings

Loads the settings of the specific server.

Enable LDAP Version2/Version3

Specifies whether or not to enable JReport Server to retrieve users from the Directory Server and which LDAP Version to adopt.

The LDAP Version3 extends LDAP Version2 in the areas of internationalization, authentication, referral, and deployment. It also allows new features to be added to the protocol without also requiring changes to the protocol. This is done by using extensions and controls.

LDAP Version3 protocol has extensible authentication which uses Simple Authentication and Security Layer ( SASL) mechanisms so as to support pluggable authentication.

Note that currently when you select Version3, JReport Server will only use LDAP Version3 protocol to connect to LDAP server.

Enable Direct Authentication to LDAP Server

Specifies whether or not to enable LDAP support without importing LDAP security information. This option controls the LDAP feature's work mode. Currently, the JReport Server security system can run two modes in which you can use an LDAP server's security system. The first is importing mode. In this mode, if you want to use the LDAP feature, you will have to import the security information from an LDAP server. The second is non-importing mode. With this mode, JReport Server can directly access an LDAP server and obtain LDAP security information without having to import it.

Enable Auto-Import of Users from LDAP Server

Specifies to enable JReport Server to import LDAP users automatically. If activated, the server security system will import security information from the LDAP server when an LDAP user logs into JReport Server for the first time.

LDAP URL

Specifies the URL of the LDAP server.

LDAP Server Port

Specifies the port of the LDAP server.

Root Entry

Specifies the root of the Directory Server. From this root, JReport Server searches for objects in Directory Server.

Directory Manager DN

Specifies the entry path of the Directory Manager who has the priority to manage users on the Directory Server.

Password

Specifies the Directory Manager's password.

Remember Password

Specifies to remember the Directory Manager's password.

Encryption Type

Specifies the encryption type. There are two types available. None means using a plain port to connect to the LDAP server, and SSL refers to connecting to the LDAP server by SSL.

Import LDAP Groups to

Specifies whether the LDAP groups will be imported into the JReport security system as local roles or as local groups.

Test Connection

Tests whether the connection to the specified server is successful or not.

User Schema

Specifies the settings of user schema.

User Attribute Name
Specifies the user's attribute name.
User Common Name
Specifies the user's common name.
User Password
Specifies the user's password.
Distinguished Name
Specifies the name of the organization unit inside the LDAP server where you want to perform a search for users.
Query User
Views properties of users in the organization unit.
Filter
Specifies the filter criteria with which to search for users.
Specify the attribute for user description
Specifes the specific attribute which will be used as JReport user information.
- Attribute Name
  Specifes the attribute name.

Group Schema

Specifies the group schema settings.

Group Common Name
Specifies a common name for the group.
Group Member Type
Specifies the member type of the group.
Distinguished Name
Specifies the name of the organization unit inside the LDAP server where you want to perform a search for groups.
Filter
Specifies the filter criteria with which to search for groups.
Admin Group
JReport Server will add the group specified here as a member to the Admin group.
Query Group
Views properties of groups in the organization unit.
Specify the attribute for group description
Specifes the specific attribute which will be used as JReport group information.
- Attribute Name
  Specifes the attribute name.

Save

Saves all changes.

There are several examples of LDAP server configuration for your reference.

Import

This tab allows you to import users/groups from directory servers. See the tab.

LDAP users overwrite local users

Specifies that users of the LDAP server will overwrite those of the local server.

Local users overwrite LDAP users

Specifies that users of the local server will overwrite those of the LDAP server.

List Users

Lists LDAP users that exist in both LDAP server and JReport Server.

List Groups

Lists LDAP groups that exist in both LDAP server and JReport Server.

Import Users

Imports LDAP users.

If LDAP Server overwrite Local users is selected, all LDAP users will then be imported, and any JReport Server users that have the same names as the LDAP users will be overwritten.

If Local overwrite LDAP server users is selected, all LDAP users will be imported, and any users that have the same names as JReport Server users will be overwritten.

Import
Imports the selected users from the LDAP server to JReport Server.
Import All
Imports all users from the LDAP server to JReport Server.
Back
Returns to the default Import tab.

Import Groups

Imports LDAP groups.

If LDAP Server overwrite Local users is selected, all LDAP groups will be imported, any LDAP group that has the same name as a group in the local server will be merged into the local group, and local users of the same names as the LDAP users will be overwritten.

If Local overwrite LDAP server users is selected, all LDAP groups will be imported, any LDAP group that has the same name as a group in the local server will be merged into the local group, and LDAP users of the same names as the local users will be overwritten.

Import
Imports the selected groups from the LDAP server to JReport Server.
Import All
Imports all groups from the LDAP server to JReport Server.
Back
Returns to the default Import tab.

Notes:

There is an admin group named Administrators on the LDAP Server. If you perform an Import operation, all groups will then be imported except for the Administrators group.
In the case of a non-admin group on the LDAP Server having the same name as a non-admin group on JReport Server, if you perform an Import operation, all users from the non-admin group on the LDAP Server will be merged into the non-admin group of JReport Server.
If you have imported users/groups from the LDAP server to JReport Server once and you want to import them again, in order to prevent the information of the users/groups on JReport Server from being overwritten by the newly imported users/groups, you should first check Local overwrite LDAP server users and then import the users/groups.

Import All

Imports all LDAP users and LDAP groups.

Synchronize

This tab enables you to synchronize security information from your local server with that of the LDAP server so that you have the most current security information.

The synchronization process first compares the security information on both the local server and the LDAP server. Then, if necessary, it updates the information on the local server so that both sides are consistent. However, note that for security reasons, this process does not automatically import the newly-added users or groups from the LDAP server.

See the tab.

Synchronize Now

Synchronizes local security information.

Synchronization Information

Lists information about the synchronization task when the synchronization process is complete.

LDAP Synchronization Schedule Settings

Sets the schedule settings to your requirement.

Enable
Enables the LDAP synchronization schedule task.
Disable
Disables the LDAP synchronization schedule task.
Edit
Edits the synchronization schedule task.
Detail
Lists information about the last run synchronization task.

Role Map

This tab allows you to pre-define a role map for the imported LDAP users.

When an LDAP user account is automatically imported (the Enable Auto-Import of Users from LDAP Server option in the Server tab has been checked), JReport Server can automatically assign it to specific roles according to the pre-defined role map.

A role map consists of two parts: Search Filter String and Corresponding Role Name. When an imported LDAP user account matches the filter condition (specified by the Search Filter String), it will automatically be added to a specific role (specified by the Corresponding Role Name). You can create more than one role map.

See the tab.

Create New Role Map

Creates a new role map.

Search Filter String
Specifies the search filter criteria.
Corresponding Role Name
Specifies the corresponding role to which you want to assign the matching users.
Test
Tests the contents of the filter. The results of the test do not affect the creation of the new role map.
Save
Creates a role map and exits the dialog.
Cancel
Cancels the settings.

Edit

Edits the specified font map.

Test

Tests the contents of the filter.

Delete

Deletes the specified role map.

LDAP panel

Server

Import

Synchronize

Role Map

Related topics: