JReport Server’s security system can run two modes in which you can use an LDAP server’s security system: importing mode and non-importing mode. Below diagram illustrates these two working modes:
Importing mode: If you want to use the LDAP feature, you will have to import the security information from an LDAP server into the built-in security system (red line).
Non-importing mode: JReport Server can access an LDAP server and obtain LDAP security information directly using the LDAP implementation of the Security API (blue line).
To use an LDAP server’s security system, you should first enable JReport Server to adapt to a directory server. You can configure either via UI or with the LDAPProperties.xml file.
Currently the following directory servers are supported: Novell Directory Server, Microsoft Site Server, iPlanet Directory Server, Active Directory Advanced Server, Lotus Domino Server on NT, and OpenLDAP Directory Server. If you need access to a different directory server, contact your JReport Sales Representative. New servers are frequently being added.
Configuring via UI
To configure the LDAP server via UI, on the JReport Administration Page go to the Configuration > LDAP > Server tab, then specify the following options as required.
|Select LDAP Server||Specifies the directory server.|
|Load Settings||Loads the settings of the specified LDAP server.|
|Enable LDAP Version2/Version3||Specifies whether or not to enable JReport Server to retrieve users from the directory server and which LDAP version to adopt.
The LDAP Version3 extends LDAP Version2 in the areas of internationalization, authentication, referral, and deployment. It also allows new features to be added to the protocol without also requiring changes to the protocol. This is done by using extensions and controls.
LDAP Version3 protocol has extensible authentication which uses Simple Authentication and Security Layer (SASL) mechanisms so as to support pluggable authentication.
Note that currently when you select Version3, JReport Server will only use LDAP Version3 protocol to connect to LDAP server.
|Enable Direct Authentication to LDAP Server||Specifies whether or not to enable LDAP without importing LDAP security information. This option controls the LDAP feature’s work mode. Currently, the JReport Server security system can run two modes in which you can use an LDAP server’s security system. The first is importing mode. In this mode, if you want to use the LDAP feature, you will have to import the security information from an LDAP server. The second is non-importing mode. With this mode, JReport Server can directly access an LDAP server and obtain LDAP security information without having to import it.|
|Enable Auto-Import of Users from LDAP Server||Specifies to enable JReport Server to import LDAP users automatically. If activated, the server security system will import security information from the LDAP server when an LDAP user logs into JReport Server for the first time.|
|LDAP URL||Specifies the URL of the LDAP server.|
|LDAP Server Port||Specifies the port of the LDAP server.|
|Root Entry||Specifies the root of the directory server. From this root, JReport Server searches for objects in directory server.|
|Directory Manager DN||Specifies the entry path of the Directory Manager who has the priority to manage users on the directory server.|
|Password||Specifies the Directory Manager’s password.|
|Remember Password||Specifies to remember the Directory Manager’s password.|
|Encryption Type||Specifies the encryption type. There are two types available. None means using a plain port to connect to the LDAP server, and SSL refers to connecting to the LDAP server by SSL.|
|Import LDAP Groups to||Specifies whether the users in the LDAP groups will be imported into the JReport security system as local roles or as local groups.|
|Test Connection||Tests whether the connection to the specified server is successful or not.|
|User Schema||Specifies the settings of user schema.
|Group Schema||Specifies the group schema settings.
Configuring with LDAPProperties.xml
The LDAPProperties.xml file located in <install_root>\properties can be used for LDAP server configuration. The properties in the file can be mapped to the options in the Server tab on the JReport Administration > Configuration > LDAP page. For details about the usages of the properties, refer to that of the mapped options.
|UI OPTION||PROPERTIES IN LDAPPROPERTIES.XML|
|Enable Direct Authentication to LDAP Server||enableNoneImportedLDAPSupport|
|Enable Auto-Import of Users from LDAP Server||enableAutoImportLDAPUser|
|LDAP Server Port||serverPort|
|Directory Manager DN||directoryManagerDN|
|Import LDAP Groups to||importGroupType|
|User Attribute Name||userAN|
|User Common Name||userCN|
|Filter (for user schema)||userFilter|
|Specify the attribute for user description||userEnableSAN|
|Attribute Name (for user schema)||userSAN|
|Group Common Name||groupCN|
|Group Member Type||groupMemeberType|
|Filter (for group schema)||groupFilter|
|Specify the attribute for group description||groupEnableSAN|
|Attribute Name (for group schema)||groupSAN|
The following presents examples for adapting JReport Server to specific directory servers:
- Example 1: Configuration for adapting to a Novell Directory Server
- Example 2: Configuration for adapting to a Microsoft Site Server
- Example 3: Configuration for adapting to an iPlanet Directory Server
- Example 4: Configuration for adapting to the Active Directory Advanced Server
- Example 5: Configuration for adapting to a Lotus Domino Server on NT
- Example 6: Configuration for adapting to an OpenLDAP Directory Server