To have OpenClinica authenticate users against LDAP/Active Directory, the configuration values below must be defined in datainfo.properties. As of version 3.1.4, these properties are new in datainfo.properties and need to be set in order to enable LDAP.
| Property name | Description |
| --- | --- |
| ldap.enabled | Set to true if LDAP/Active Directory should be used to authenticate users in OpenClinica. Allowed values are true and false. |
| ldap.host | LDAP/Active Directory server host address. Example: ldap://ldapserver:389 |
| ldap.userDn | Distinguished name (DN) of the account that authenticates to LDAP/Active Directory in order to authenticate OpenClinica users. This account must have privileges to search the LDAP structure. We recommend creating a dedicated LDAP/Active Directory account for use in this property. Example: CN=openclinica,OU=example,OU=com |
| ldap.password | Password of the account configured in ldap.userDn. |
| ldap.loginQuery | Query used during login to retrieve an LDAP account by username; the placeholder {0} is replaced by the username typed in the login screen. This query must never return more than one account. To increase overall application security, it should never return an account that has no access to OpenClinica (e.g., filter on membership of a specific group). Example: (&(memberOf=CN=group,OU=example,OU=com)(sAMAccountName=*{0}*)) |
| ldap.passwordRecoveryURL | URL to which LDAP/Active Directory users are redirected when the forgotten-password link is clicked. |
| ldap.userSearch.baseDn | Base DN under which user accounts are searched in LDAP/Active Directory. Only accounts under this base DN can be configured as OpenClinica user accounts. Example: OU=example,OU=com |
| ldap.userSearch.query | LDAP query used in the LDAP Users Search screen; the placeholder {0} is replaced by the text entered in the Search field. To increase overall application security, it should never return an account that has no access to OpenClinica (e.g., filter on membership of a specific group). Example: (&(memberOf=CN=group,OU=example,OU=com)(sAMAccountName=*{0}*)) |
| ldap.userData.distinguishedName | Name of the LDAP attribute from which the distinguished name (DN) is retrieved. |
| ldap.userData.username | Name of the LDAP attribute from which the username is retrieved. |
| ldap.userData.firstName | Name of the LDAP attribute from which the first name is retrieved. |
| ldap.userData.lastName | Name of the LDAP attribute from which the last name is retrieved. |
| ldap.userData.email | Name of the LDAP attribute from which the email address is retrieved. |
| ldap.userData.organization | Name of the LDAP attribute from which the organization is retrieved. |
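The two rules attached to ldap.loginQuery and ldap.userSearch.query (return at most one account at login, and never return an account outside the OpenClinica group) are easy to check before a deployment goes live. The script below is an added example written for this page, not OpenClinica's own code: it reads a constructed datainfo.properties fragment built from the values shown above, evaluates the filter subset used here against a small constructed in-memory directory instead of a real server, and escapes the typed text per RFC 4515 before substituting {0} so that typed characters are treated as data, not filter syntax. It assumes {0} is substituted textually into the template, and it uses the example wildcard template to show that a username which is a prefix of another account name (jsmith, jsmithson) makes the query return two accounts, which the "exactly one" rule rejects; an exact-match template returns one, and the memberOf clause keeps the non-member out.

```python
"""Added example: check OpenClinica-style ldap.* login/search queries offline.

Illustrative code for this page, not part of OpenClinica. The properties text,
the directory entries and the filter evaluator are all constructed stand-ins.
"""
import re
from typing import Dict, List

# Constructed datainfo.properties fragment using the example values from the table.
DATAINFO = """
ldap.enabled=true
ldap.host=ldap://ldapserver:389
ldap.userDn=CN=openclinica,OU=example,OU=com
ldap.password=REPLACE_ME
ldap.loginQuery=(&(memberOf=CN=group,OU=example,OU=com)(sAMAccountName=*{0}*))
ldap.userSearch.baseDn=OU=example,OU=com
ldap.userData.username=sAMAccountName
"""

# Constructed directory: two similar usernames in the OpenClinica group, one outside it.
DIRECTORY: List[dict] = [
    {"dn": "CN=jsmith,OU=example,OU=com", "sAMAccountName": ["jsmith"],
     "memberOf": ["CN=group,OU=example,OU=com"]},
    {"dn": "CN=jsmithson,OU=example,OU=com", "sAMAccountName": ["jsmithson"],
     "memberOf": ["CN=group,OU=example,OU=com"]},
    {"dn": "CN=ajones,OU=example,OU=com", "sAMAccountName": ["ajones"],
     "memberOf": ["CN=other,OU=example,OU=com"]},
]


def load_properties(text: str) -> Dict[str, str]:
    """Minimal key=value parser for the fragment above (split on the first '=')."""
    props: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping: typed text becomes literal data, never filter syntax."""
    table = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
    return "".join(table.get(ch, ch) for ch in value)


def render_query(template: str, typed: str) -> str:
    """Substitute the {0} placeholder with the escaped login/search text."""
    return template.replace("{0}", escape_filter_value(typed))


def _parse(s: str, i: int):
    """Parse the filter subset used on this page: (&...), (|...), (attr=value)."""
    if s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if s[i] in "&|":
        op, i, children = s[i], i + 1, []
        while s[i] == "(":
            child, i = _parse(s, i)
            children.append(child)
        if s[i] != ")":
            raise ValueError(f"expected ')' at offset {i}")
        return (op, children), i + 1
    end = s.index(")", i)  # escaped values never contain a raw ')'
    attr, value = s[i:end].split("=", 1)
    return ("=", attr, value), end + 1


def _unescape(s: str) -> str:
    """Turn \\XX hex escapes back into the literal character for comparison."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), s)


def _matches(node, entry: dict) -> bool:
    if node[0] in ("&", "|"):
        combine = all if node[0] == "&" else any
        return combine(_matches(child, entry) for child in node[1])
    _, attr, value = node
    # An unescaped '*' is a wildcard; everything else matches literally, case-insensitively.
    regex = "^" + ".*".join(re.escape(_unescape(p)) for p in value.split("*")) + "$"
    return any(re.match(regex, v, re.IGNORECASE) for v in entry.get(attr, []))


def search(base_dn: str, ldap_filter: str) -> List[str]:
    """DNs under base_dn matching the filter (in-memory stand-in for an LDAP search)."""
    node, _ = _parse(ldap_filter, 0)
    return [e["dn"] for e in DIRECTORY
            if e["dn"].lower().endswith(base_dn.lower()) and _matches(node, e)]


def login_candidates(props: Dict[str, str], username: str) -> List[str]:
    """Accounts ldap.loginQuery would return for the typed username."""
    return search(props["ldap.userSearch.baseDn"],
                  render_query(props["ldap.loginQuery"], username))


def lookup_login_account(props: Dict[str, str], username: str) -> str:
    """Enforce the page's rule: the login query must return exactly one account."""
    hits = login_candidates(props, username)
    if len(hits) != 1:
        raise LookupError(f"ldap.loginQuery returned {len(hits)} accounts for {username!r}")
    return hits[0]


if __name__ == "__main__":
    props = load_properties(DATAINFO)
    print("wildcard template, 'jsmith':", login_candidates(props, "jsmith"))
    strict = dict(props, **{"ldap.loginQuery":
                  "(&(memberOf=CN=group,OU=example,OU=com)(sAMAccountName={0}))"})
    print("exact template, 'jsmith':", lookup_login_account(strict, "jsmith"))
    print("exact template, 'ajones' (not in group):", login_candidates(strict, "ajones"))
```

Running it shows the wildcard login template returning both jsmith and jsmithson for the username jsmith, which lookup_login_account refuses; the substring form is appropriate for ldap.userSearch.query, where several hits are expected, but the login template should pin the account down exactly (sAMAccountName={0}). Keeping the memberOf clause in both templates is what makes ajones, who is not in the OpenClinica group, invisible to both login and search.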