Authenticate against multiple LDAP domains
PPM can handle multiple domains during LDAP authentication. To configure this feature, you add the server configuration parameter LDAP_URL_FULL to the server.conf file.
The value of the LDAP_URL_FULL parameter is a space-delimited (not comma-delimited) list of full LDAP URLs. Each LDAP URL must specify a base distinguished name (DN), which is used in place of the LDAP_BASE_DN server configuration parameter.
Example of how to set the LDAP_URL_FULL parameter:
com.kintana.core.server.LDAP_URL_FULL=ldap://<Host>.<Your_Domain>.com/CN=Users,DC=<Your_Domain>,DC=com ldap://<Host>.<Your_Domain>.com/OU=Users2,DC=<Your_Domain>,DC=com
Disable the LDAP_URL parameter
If you add the LDAP_URL_FULL parameter to the server.conf file, make sure that you comment out the LDAP_URL parameter. The LDAP_URL parameter supersedes the LDAP_URL_FULL parameter so that, if both are specified in the server.conf file, PPM uses the value set for LDAP_URL.
If the URLs provided for LDAP_URL_FULL do not have a DN value, PPM uses the value set for LDAP_BASE_DN.
Note: To specify a space character inside of a URL, use the URL-encoding scheme, and replace the space with %20. For example, if you have an organizational unit called My Org Unit, then specify My%20Org%20Unit in the LDAP URL.
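The rules above decide which directory and which subtree PPM authenticates against, so it is worth checking them before a restart. The following is an added example, not part of the PPM product or its documentation: a small Python check that reads server.conf text and reports the effective host and base DN for each LDAP_URL_FULL entry, plus any rule violations. It assumes "#" marks a commented-out line in server.conf; the function names and the sample hosts are hypothetical.

```python
import re
from urllib.parse import urlsplit, unquote

PREFIX = "com.kintana.core.server."

def load_params(conf_text):
    """Active key=value pairs; '#' comment lines are skipped (assumed syntax)."""
    params = {}
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)   # DNs contain '=', so split only once
        key = key.strip()
        if key.startswith(PREFIX):
            key = key[len(PREFIX):]
        params[key] = value.strip()
    return params

def check_ldap_url_full(conf_text):
    """Return ([(host, effective_base_dn)], [findings]) for LDAP_URL_FULL."""
    params = load_params(conf_text)
    raw = params.get("LDAP_URL_FULL", "")
    targets, findings = [], []
    if raw and "LDAP_URL" in params:
        findings.append("LDAP_URL is active and supersedes LDAP_URL_FULL")
    if re.search(r",\s*ldaps?://", raw):
        findings.append("URLs look comma-delimited; the list must be space-delimited")
    for token in raw.split():
        parts = urlsplit(token)
        # 'ldaps' is accepted here as an assumption; the page shows only ldap://
        if parts.scheme not in ("ldap", "ldaps") or not parts.hostname:
            findings.append("not a full LDAP URL (unencoded space?): " + token)
            continue
        # %20 decodes to a space; an empty DN falls back to LDAP_BASE_DN
        dn = unquote(parts.path.lstrip("/")) or params.get("LDAP_BASE_DN", "")
        if not dn:
            findings.append("no DN in URL and no LDAP_BASE_DN: " + token)
        targets.append((parts.hostname, dn))
    return targets, findings

# Constructed sample configuration, not taken from a real deployment.
SAMPLE_CONF = """\
com.kintana.core.server.LDAP_URL=ldap://dc1.example.com
com.kintana.core.server.LDAP_BASE_DN=CN=Users,DC=example,DC=com
com.kintana.core.server.LDAP_URL_FULL=ldap://dc1.example.com/CN=Users,DC=example,DC=com ldap://dc2.example.com/OU=My%20Org%20Unit,DC=example,DC=com ldap://dc3.example.com
"""
```

Calling check_ldap_url_full(SAMPLE_CONF) returns three targets and one finding, because the sample leaves LDAP_URL active. An unencoded space in a DN shows up as a truncated DN on the first fragment and a "not a full LDAP URL" finding for each remaining fragment.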
For more information about server parameters related to LDAP integration, see LDAP attribute parameters.