LDAP authentication provider

This section describes how to use LDAP authentication instead of the default, basic authentication for remote access to Service Virtualization Server and Service Virtualization Management.

LDAP authentication

This section describes how to configure LDAP authentication for remote access to Service Virtualization Server and Service Virtualization Management.

To use LDAP authentication:

  1. Set up an LDAP server for your users, as described in your LDAP server documentation.
  2. In an editor, open the Service Virtualization Server configuration file, [INSTALLLOCATION]\Server\bin\HP.SV.StandaloneServer.exe.config.

  3. Define the membershipProviderConfiguration element, as described in LDAP authentication provider, making sure to specify Ldap as the membershipProvider value.

  4. Define an additional ldapMembershipProviderConfiguration element to configure the LDAP connection. You can also place this element in an external file using the configSource attribute.

    Attribute Description
    ldapProviderUrl

    The URL of the LDAP server.

    Example: ldap://example.com:389/DC=SV%20Lab,DC=Com

    Note: The value must be URL-escaped; for example, replace each space with %20.

    connectionUsername

    Credentials to use when browsing LDAP during the login.

    Note: Many LDAP servers require a full DN in connectionUsername. The value must not be URL-escaped. The user must have read access to all LDAP entries under usersSearchBase.

    connectionPassword,
    enc-connectionPassword

    Password of the user specified by connectionUsername. If a password encryption feature is enabled during installation, then the encrypted password may be stored in the enc-connectionPassword attribute.

    Use the following command to encrypt the LDAP password:
    ConfigTool.exe enc-printEncryptedValue server [LDAP password]

    loginFilter

    LDAP filter string used to find the user's LDAP entry during login.

    The search is performed inside the LDAP entry denoted by ldapProviderUrl and usersSearchBase combined. The $login$ string references the name that the user entered on the login page. The user found is then used to perform the actual login operation (LDAP bind operation). The LDAP entry's DN is used for the bind operation.

    usersSearchBase

    Users base DN.

    • If defined, users are retrieved only from the LDAP subtree denoted by this DN. This DN must be relative to the root specified by ldapProviderUrl.
    • If omitted, the users base DN is assumed empty. Instead, user searches are performed under the entry denoted by ldapProviderUrl.

    userDisplayNamePattern

    The pattern for constructing the user's display name as shown in the UI. Strings in curly brackets are replaced by the values of LDAP attributes. For example, the pattern "{sn}, {givenName}" will be displayed as "Shakespeare, William" in Windows AD LDAP.

    If this property is missing, or if the pattern references LDAP attributes that are missing, the LDAP DN is used as the display name.

    groupDisplayNamePattern

    The pattern for constructing the group's display name as shown in the UI. This syntax is similar to userDisplayNamePattern, as described above.

    svOperatorsGroupName,
    svPublishersGroupName,
    svRuntimeAdministratorsGroupName,
    svServerAdministratorsGroupName,
    svmUsersGroupName

    ACL definition groups.

    For details, see Authenticate the SV Server.

  5. Repeat steps 3 and 4 for SVM (Service Virtualization Manager): In an editor, open the Service Virtualization SVM configuration file, [INSTALLLOCATION]\Server\bin\SvmRoot\HP.SV.ServiceVirtualizationManager.exe.config.


LDAP connection examples

Copy these code segments as a base for an LDAP connection.

Example: LDAP configuration for a connection to Windows Active Directory

<membershipProviderConfiguration
  membershipProvider="Ldap"
  loginUsernameTitle="MyCompany primary e-mail address"
  cachedLogonTokenLifetime="00:01:00"/>

<ldapMembershipProviderConfiguration
  ldapProviderUrl="ldaps://ldapServer.example.net:636"
  connectionUsername="sv_auto@example.net"
  connectionPassword="a secret"
  loginFilter="sAMAccountName=$login$"
  usersSearchBase="OU=EMEA,OU=Shared,DC=example,DC=net"
  groupsSearchBase="OU=Cloud,OU=Global,OU=Shared,DC=example,DC=net"
  userDisplayNamePattern="{sn}, {givenName}"
  groupDisplayNamePattern="{cn}"
  svOperatorsGroupName="CN=SV_Operators,OU=Cloud,OU=Global,OU=Shared,DC=example,DC=net"
  svPublishersGroupName="CN=SV_Publishers,OU=Cloud,OU=Global,OU=Shared,DC=example,DC=net"
  svRuntimeAdministratorsGroupName="CN=SV_RuntimeAdmins,OU=Cloud,OU=Global,OU=Shared,DC=example,DC=net"
  svServerAdministratorsGroupName="CN=SV_Admins,OU=Cloud,OU=Global,OU=Shared,DC=example,DC=net"
  svmUsersGroupName="CN=SV_SVMUsers,OU=Cloud,OU=Global,OU=Shared,DC=example,DC=net"
/>

Example: LDAP configuration for a connection to OpenLDAP

<membershipProviderConfiguration
  membershipProvider="Ldap"
  loginUsernameTitle="MyCompany primary e-mail address"
  cachedLogonTokenLifetime="00:01:00"/>
...                                    
<ldapMembershipProviderConfiguration
  ldapProviderUrl="ldap://ldap.example.net"
  connectionUsername="cn=Manager,dc=example,dc=net"
  connectionPassword="changeit"
  loginFilter="uid=$login$"
  usersSearchBase="ou=Users,ou=Sites,dc=example,dc=net"
  groupsSearchBase="ou=Groups,dc=example,dc=net"
  userDisplayNamePattern="{cn}"
  groupDisplayNamePattern="{cn}"                
  svOperatorsGroupName="cn=svOperators,ou=Groups,ou=Sites,dc=example,dc=net"
  svPublishersGroupName="cn=svPublishers,ou=Groups,ou=Sites,dc=example,dc=net"
  svRuntimeAdministratorsGroupName="cn=svRuntimeAdmin,ou=Groups,ou=Sites,dc=example,dc=net"
  svServerAdministratorsGroupName="cn=svServerAdmin,ou=Groups,ou=Sites,dc=example,dc=net"
  svmUsersGroupName="cn=svmUsers,ou=Groups,ou=Sites,dc=example,dc=net"
/>
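
A small checker for the attribute rules in the table above, run against a constructed element; it is an added example, not part of the product or its documentation. The check names, the sample values and the ldaps:// check are assumptions made here, since the page does not say whether plain ldap:// connections are protected some other way.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, unquote

# Constructed sample element (not from the page) with four deliberate problems.
SAMPLE = """<ldapMembershipProviderConfiguration
  ldapProviderUrl="ldap://ldap.example.net:389/DC=SV Lab,DC=Com"
  connectionUsername="cn=SV%20Reader,dc=example,dc=net"
  connectionPassword="changeit"
  loginFilter="uid=$login$"
  usersSearchBase="ou=Users" />"""

# Hypothetical check names, chosen for this example only.
CHECKS = {
    "no-tls": "ldapProviderUrl does not use ldaps://",
    "url-not-escaped": "ldapProviderUrl contains whitespace; escape it as %20",
    "username-escaped": "connectionUsername looks URL-escaped; it must be literal",
    "plaintext-password": "connectionPassword is stored in clear text; "
                          "consider enc-connectionPassword",
    "filter-ignores-login": "loginFilter does not reference $login$",
}

def effective_search_base(attrs):
    """DN searched at login: usersSearchBase relative to the root DN in the URL."""
    root = unquote(urlsplit(attrs.get("ldapProviderUrl", "")).path.lstrip("/"))
    return ",".join(p for p in (attrs.get("usersSearchBase", ""), root) if p)

def audit(xml_text):
    """Return the CHECKS keys that apply to one configuration element."""
    attrs = ET.fromstring(xml_text).attrib
    url = attrs.get("ldapProviderUrl", "")
    user = attrs.get("connectionUsername", "")
    hits = []
    if urlsplit(url).scheme.lower() != "ldaps":
        hits.append("no-tls")
    if any(ch.isspace() for ch in url):
        hits.append("url-not-escaped")
    if unquote(user) != user:  # heuristic: the value contains a %xx sequence
        hits.append("username-escaped")
    if "connectionPassword" in attrs:
        hits.append("plaintext-password")
    if "$login$" not in attrs.get("loginFilter", ""):
        hits.append("filter-ignores-login")
    return hits

if __name__ == "__main__":
    for key in audit(SAMPLE):
        print(f"{key}: {CHECKS[key]}")
    print("search base:", effective_search_base(ET.fromstring(SAMPLE).attrib))
```
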
