What is the User Naming Attribute used for in the Reporter, LDAP realm?
What is the Group Naming Attribute used for in the Reporter, LDAP realm?
What is the Group Class attribute used for in the Reporter, LDAP realm?
How are these attributes used to identify users and groups in the Reporter, LDAP realm?
How does the test button, at the end of the LDAP Realm setup wizard, work?
Explanation of the User Naming Attribute:
The main purpose of the User Naming Attribute of "sAMAccountName" is to identify, and search for users. The user naming attribute is used by the LDAP protocol to match users in your active Directory tree with those who login to reporter. The test button, at the end of the Realm Setup wizard, uses this attribute to search for users. it declares success once it finds a user.
In Micorosofts Active Directory the login ID is stored in the attribute “sAMAccountName” for historical reasons. (Prior to Microsofts Activie Directory, SAM was the user database for Microsoft domains. ) If the user naming attribute is set to “sAMAccountName” then the user would login with the name, such as “Bob.Kent” , which would cause reporter to make a search for “sAMAccountName=Bob.Kent” By default, this attribute is set to "sAMAccountName", but we allow the administrator to change it to other attributes, such as "displayName", if desired.
In Active Directory the full name of the user is stored in the attribute “displayName”. For Bob Kent the display name would be “Bob Kent”. If “displayName” is set as the user naming attribute in Reporter then the user would login with the name of “Bob Kent” and the LDAP search would be for “displayName=Bob Kent”.
Explanation of Group Naming Attribute:
The Group Naming Attribute of "memberOf" is used to list the groups that each user is a member of in the LDAP tree. The group naming attribute is an attribute of a user in LDAP whose values are the user’s group memberships for group to role mapping in Reporter. This is used, after authentication of a user, to list the group membership of each user, and thereby allow access to to the pre-defined roles within the Reporter server, and it's database(s).
Explanation of Group Class:
The Group Class is a globally identifiable class used to search for any available groups within your defined LDAP realm. The search begins at the pre-defined Base DN, and continues down. This is mostly used from the UI when mapping an LDAP group to role(s) in Reporter.
NOTE: For more information on how to setup a Reporter, LDAP, Realm please see 000013348.