Using LDAP Security


This webinar reviews using LDAP security in a WaveMaker Project.

Resources

Download the Demo Project Export to run the example in Studio. See how to use a project export for information on exports.

Download the LDAP Browser/Editor used in the webinar or run the applet version.

Watch the screencast, approximately 20 minutes running length.

Project Overview

Connection Settings

Go to the Security tab, which will bring you to the Security editor.

You will see the LDAP settings here.

LDAP URL: ldap://172.16.1.2:389/dc=wavemaker,dc=com

The first field is the LDAP URL. This is the network address of your LDAP directory and the root node. The root node in this example is dc=wavemaker,dc=com. This means that all later operations (such as search) are performed on the subtree defined by the root node.

Manager DN: cn=manager,dc=wavemaker,dc=com

Manager Password: manager

Next are the Manager DN and password. This is the credential used to perform any search operations.

The LDAP browser (see resources) can be used to show the content in your LDAP directory.

Before going any further, you can use the Test Connection button to test the connection.

User DN Pattern

User DN Pattern: cn={0},ou=people

Next is the User DN Pattern. This is used to construct the user DN.

The Acegi security framework replaces {0} with the username supplied by the user (say, jsmith) during authentication. After the substitution, the DN pattern becomes a relative DN (RDN), cn=jsmith,ou=people, which is then combined with the root node to give jsmith's DN: cn=jsmith,ou=people,dc=wavemaker,dc=com.

That is all that is needed to set up authentication against LDAP. Save the settings and test them.

Getting the User name and role at runtime

In the Page Designer, we have added a service call for getUserName and bound it to a label.

The next section shows how to set up retrieval of the user role.


Check the Search User Role checkbox.


Group Search Base: ou=roles


The first field is Group Search Base. This is the search base from which the search for group membership should be performed.


Group Role Attribute: cn


The next field is Group Role Attribute.  This is the attribute that holds data about the role name for a group.

Group Search Filter: (member={0})


The last field is the Group Search Filter. This is the search filter used to search through the LDAP directory to find the roles to which an authenticated user belongs. {0} is replaced with the user's DN.
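The two {0} substitutions described on this page (User DN Pattern and Group Search Filter), as an added JavaScript example that is not WaveMaker or Acegi code. The function names are hypothetical, the group search base is assumed to resolve relative to the root node, and the RFC 4514/4515 escaping shows how an implementation keeps a supplied username from changing the structure of the DN or filter; it is not a statement of what Acegi does.

```javascript
// Added example (not WaveMaker or Acegi code). Settings copied from this page;
// all function names are hypothetical.
const ROOT_DN = "dc=wavemaker,dc=com";       // root node from the LDAP URL
const USER_DN_PATTERN = "cn={0},ou=people";  // User DN Pattern
const GROUP_SEARCH_BASE = "ou=roles";        // Group Search Base
const GROUP_SEARCH_FILTER = "(member={0})";  // Group Search Filter

// RFC 4514: escape characters that would otherwise change the DN structure.
function escapeDnValue(value) {
  return value.split("").map((ch, i) => {
    if (ch === "\0") return "\\00";
    const edgeSpace = ch === " " && (i === 0 || i === value.length - 1);
    const leadingHash = ch === "#" && i === 0;
    return ('\\,+"<>;'.includes(ch) || edgeSpace || leadingHash) ? "\\" + ch : ch;
  }).join("");
}

// RFC 4515: escape characters that are syntax inside a search filter.
function escapeFilterValue(value) {
  return value.replace(/[\\*()\0]/g,
    (ch) => "\\" + ch.charCodeAt(0).toString(16).padStart(2, "0"));
}

// {0} in the User DN Pattern becomes the username; the result is relative to
// the root node. A replacer function is used so "$" in input is not special.
function buildUserDn(username) {
  const relativeDn = USER_DN_PATTERN.replace("{0}", () => escapeDnValue(username));
  return relativeDn + "," + ROOT_DN;
}

// {0} in the Group Search Filter becomes the user's full DN.
// Assumption: the search base is resolved relative to the root node.
function buildGroupSearch(userDn) {
  return {
    base: GROUP_SEARCH_BASE + "," + ROOT_DN,
    filter: GROUP_SEARCH_FILTER.replace("{0}", () => escapeFilterValue(userDn)),
  };
}

// Constructed sample usernames: the page's jsmith, and one containing a comma.
for (const name of ["jsmith", "smith, john (contractor)"]) {
  const dn = buildUserDn(name);
  console.log(dn, buildGroupSearch(dn));
}
```

The escaped comma in the second DN is escaped again (as \5c) when the DN is placed in the filter, because the DN and the filter each have their own escaping rules.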


In the Page Designer, we created a service call, getUserRoles, and bound its output to a list widget. Because getUserRoles returns a list of Strings, its output needs to be bound to a list widget.


Logout

The result function of the logout service call should reload the client window:

logoutResult: function(inSender, inData) {
    // Reload the client window once logout has completed
    window.location.reload();
},

View of LDAP

[Image: LDAP.JPG]


© 2010 WaveMaker Software™ All Rights Reserved.