Configuration of an LDAP connection of the requisis_Toolbox

This page explains the LDAP/Active Directory parameters configured in the parameters.yml file in more detail.

The LDAP protocol enables computers to make requests to the LDAP directory in a standardized way, for example to obtain information about users and their group membership.

The following information is required to connect your directory service to the requisis_Toolbox.

Make sure to transfer all information from the LDAP directory to the parameters.yml file exactly as written; the values are case-sensitive.

  • auth.ldap.debug: 'false'
    Activates the LDAP debug mode for more detailed error messages. If you have problems with the setup, the additional log messages may help you. You will also find the requisis_toolbox_login.log in the subfolder store/toolbox/logs.
  • auth.ldap.server: 'ldap-server.company.net'
    The address of your LDAP server / Active Directory.
  • auth.ldap.port: 389
    The standard port for LDAP is 389; for secure connections it is 636.
  • auth.ldap.encryption: none
    Enter the type of encryption used for LDAPS here (tls or ssl). If you are not using encryption, enter none.
  • auth.ldap.dc: 'OU=EmlUsers,DC=carcompany,DC=com'
    LDAP path to the corresponding root or directory in which your organization has the relevant user data for the planned use of the requisis_toolbox.
  • auth.ldap.disabled.users.execute.command: true
    Specifies whether the cron job cleanup users should be executed daily. You can find more information on this in the Admin manual chapter User Cleanup Script.
  • auth.ldap.supporter.dn: 'CN=ReqTbSupport,OU=ElmAdmins,DC=carcompany,DC=com'
    Users who are members of this group receive the supporter role for the requisis_Toolbox and access to the administration area. The group must be specified with its full DN, as in the example.
  • auth.ldap.user_access.dn: 'CN=RmEmployee,OU=ElmDpt,DC=carcompany,DC=com'
    Users who are members of this group can log in to the requisis_Toolbox; all other users cannot log in. The group must be specified with its full DN, as in the example.
  • auth.ldap.supporter.ldap-filter: 'OU=ReqTbSupport'
    Allows activation of the supporter role by an LDAP attribute with the given value.
  • auth.ldap.binduser.login.dn: 'UID=global,OU=users,DC=carcompany,DC=com'
    Complete LDAP path (DN) of the technical user. The technical user handles the communication between the requisis_toolbox and the IBM ELM.
  • auth.ldap.binduser.login.pw: 'TechUserPassWord'
    The password of the technical user.
  • auth.ldap.binduser.searchloginnameby: 'sAMAccountName'
    Name of the attribute in which the user name is stored. This attribute is used to find the user based on their user name in LDAP.
  • auth.ladp.disabled.users.parameter: 'userAccountControl'
    Name of the attribute in which it is stored whether a user account is inactive. Comment out to deactivate. Only works together with auth.ldap.disabled.users.parameter.mask.
  • auth.ldap.disabled.users.parameter.mask: '2'
    Bit mask against which the attribute from auth.ladp.disabled.users.parameter is checked to determine whether a user is inactive. Comment out to deactivate. Only works together with auth.ladp.disabled.users.parameter.

Transfer the properties to parameters.yml in the subfolder store\toolbox\config according to chapter 4.3.1 of the Admin Manual. Note that all values are case-sensitive and must be transferred exactly, and that the LDAP type names of the attributes must be written in capital letters.
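A pre-deployment check for the settings above, as an added example that is not part of the requisis_Toolbox or its documentation: it flags an unencrypted connection, DNs that are not full DNs with capitalised type names, and a disabled-user attribute configured without its mask. The flat "key: value" parsing, the function names and the bitwise-AND reading of the mask are assumptions; the sample input is constructed from the page's example values with deliberate mistakes.

```python
import re

# Constructed sample in the page's "key: value" form, with deliberate mistakes.
SAMPLE = """\
auth.ldap.port: 389
auth.ldap.encryption: none
auth.ldap.dc: 'ou=EmlUsers,DC=carcompany,DC=com'
auth.ldap.supporter.dn: 'CN=ReqTbSupport,OU=ElmAdmins,DC=carcompany,DC=com'
auth.ldap.user_access.dn: 'RmEmployee'
auth.ldap.binduser.login.dn 'UID=global,OU=users,DC=carcompany,DC=com'
auth.ldap.disabled.users.parameter.mask: '2'
"""
DN_KEYS = ("auth.ldap.dc", "auth.ldap.supporter.dn",
           "auth.ldap.user_access.dn", "auth.ldap.binduser.login.dn")
# Key names copied as spelled on the page; the two only work together.
PAIR = ("auth.ladp.disabled.users.parameter",
        "auth.ldap.disabled.users.parameter.mask")
RDN = re.compile(r"[A-Z]+=[^=,]+")  # TYPE=value, type name in capitals

def lint(text):
    """Return a list of findings for a flat parameters.yml fragment."""
    settings, findings = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out setting
        m = re.fullmatch(r"([\w.\-]+):\s*(.*)", line)
        if not m:
            findings.append(f"line {n}: no ':' between key and value")
            continue
        settings[m.group(1)] = m.group(2).strip("'\" ")
    enc = settings.get("auth.ldap.encryption", "none")
    if enc == "none":
        findings.append("auth.ldap.encryption: none leaves the bind password unencrypted on the network")
    elif enc not in ("tls", "ssl"):
        findings.append(f"auth.ldap.encryption: unknown value {enc!r}")
    for key in DN_KEYS:
        dn = settings.get(key)
        # Simplification: escaped commas inside DN values are not handled.
        if dn and not all(RDN.fullmatch(p.strip()) for p in dn.split(",")):
            findings.append(f"{key}: not a full DN with capitalised type names")
    if sum(k in settings for k in PAIR) == 1:
        findings.append("disabled-user attribute and mask must be set together")
    return findings

def is_disabled(attribute_value, mask):
    """Assumed check: the account is inactive if any mask bit is set."""
    return (int(attribute_value) & int(mask)) != 0

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```

With the page's mask of '2', an Active Directory userAccountControl value of 514 (a normal account with the disabled bit set) is treated as inactive, while 512 is not.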