Directory configuration

This section describes the configuration of the company directory.

An administrator account must be set up to perform the following actions:

user search
user recovery
authentication
etc.

Directory type

To configure access to the company directory, you need to identify the type of access required:

simple: Simple LDAP such as Apache Directory Server or OpenLDAP
ad: Microsoft Active Directory
ad-ds: Microsoft ADLDS

Directory definition by scope

This section covers the configuration of a scope-specific directory. This is the most flexible configuration mode.

Directory configuration is accessible from the administration interface in the Identities > Directory section, and is stored as a document in the LDAPConfiguration class in FlowerDocs.

The information to be configured is as follows:

Identifier	Display name	Description
`LDAPType`	LDAP type	Directory type
`URL`	URL	Directory access url
`User`	User	User to connect to the directory
`Password`	Password	Password for directory user
`BaseDN`	Base DN	DN configured in the directory
`IdAttribute`	Attribute for identifier	Directory attribute used to store the user identifier
`GroupIdAttribute`	Attribute for group identifier	Directory attribute used to store the group identifier
`DisplayNameAttribute`	Display name attribute	Directory attribute used to store the user’s display name
`SearchAttribute`	Search attribute	Directory attribute used to search for users/groups
`MembersAttribute`	Members	Directory attribute used to store group members
`EnableLowerCaseOfUserName`	Enable evaluation of lower case identifier	Enables you to force the resolution of user identifiers in lower case

Default directory definition

This section covers the configuration of a default directory for a FlowerDocs instance.

This section is not necessary if the directory is configured via the scope-based administration interface described above. The directory type can then be defined by WEB application:

For FlowerDocs GUI using the property: gui.ldap.type
For FlowerDocs Core using the property: ws.ldap.type

Example: Configuring an embedded server

gui.ldap.type=ad
ws.ldap.type=simple

To configure access to the LDAP directory, you need to set the ldap property.

Property	Default value	Description
ldap.bind.url		Directory address
ldap.bind.root		Base node in LDAP structure
ldap.base.dn		User search database

An admnistrator account must be set up.

Property	Description
ldap.bind.dn	User’s Distinguished Name
ldap.bind.password	User’s password

In order to retrieve (or authenticate) users with the configured directory, you must also define:

Property	Description
ldap.attr.id	Attribute used to retrieve a user’s identifier

Examples:

Microsoft Active Directory : sAMAcountName
Microsoft Active Directory LDS: uid
Apache Directory Server: uid

Other attributes used for user mapping can be defined:

Property	Description
ldap.attr.display.name	Attribute used to retrieve a user’s identifier
ldap.attr.password	Attribute used to retrieve a user’s password

Configuration examples

ADLDS

ldap.bind.url=ldap://ldap.company.com:389
ldap.bind.root=dc=arondor,dc=dev
ldap.bind.dn=CN=fadmin,OU=Demo,OU=FlowerDocs,DC=arondor,DC=dev
ldap.bind.password=okidoki
ldap.base.dn=OU=Demo,OU=FlowerDocs
ldap.attr.id=CN
ldap.attr.display.name=displayName

OpenLDAP

OpenLDAP requires that the base DN used

ldap.bind.url=ldap://ldap.company.com:389
ldap.bind.root=
ldap.base.dn=dc=arondor,dc=dev
ldap.attr.id=CN
ldap.bind.dn=CN=admin,DC=arondor,DC=dev
ldap.bind.password=okidoki
ldap.attr.display.name=displayName

Directory administration

From the administration interface, users can be created with a default password. For this, the password is not mandatory, but is a global parameter for the FlowerDocs instance.

Property	Description
ldap.default.password	Default password if none set at creation
ldap.user.password.mandatory	Boolean defining if the password field is mandatory

Users and groups can only be created at the root of the directory access node.

Example: For Microsoft Active Directory: <domaine>/<base DN>