NetX's default LDAP integration uses the exogen-config-LDAP.xml file. This configuration file allows you to map a limited amount of information from your LDAP system into NetX's user profile fields including First Name, Last Name, and Email. If you want to map additional attributes, you will need to configure Advanced LDAP Attribute Mapping.
Note: these instructions are intended for use by a skilled system administrator for an on-premise hosted installation. If your NetX site is hosted by us, please contact Support to install your configuration files into the site.
Configuration File
This feature makes use of a new configuration file: auth_attribute.xml. This file maps LDAP attributes to corresponding fields in the NetX database. The following example shows Active Directory attributes being mapped to NetX user profile fields.
<mapping>
  <auth_attribute>streetAddress</auth_attribute>
  <netx_attribute>address1</netx_attribute>
</mapping>
<mapping>
  <auth_attribute></auth_attribute>
  <netx_attribute>address2</netx_attribute>
</mapping>
<mapping>
  <auth_attribute>l</auth_attribute>
  <netx_attribute>city</netx_attribute>
</mapping>
<mapping>
  <auth_attribute>st</auth_attribute>
  <netx_attribute>state</netx_attribute>
</mapping>
<mapping>
  <auth_attribute>postalCode</auth_attribute>
  <netx_attribute>zip</netx_attribute>
</mapping>
There are a few important rules to follow when using the auth_attribute.xml file:
- The attribute values are case sensitive, so use caution.
- Please consult your LDAP software documentation for a current list of attribute names.
- The system needs mappings populated for 4 required fields or it will break your existing LDAP integration. Here is an example using Active Directory:
  <mapping>
    <mapped_attribute>sAMAccountName</mapped_attribute>
    <netx_attribute>login</netx_attribute>
  </mapping>
  <mapping>
    <mapped_attribute>sn</mapped_attribute>
    <netx_attribute>name1</netx_attribute>
  </mapping>
  <mapping>
    <mapped_attribute>givenName</mapped_attribute>
    <netx_attribute>name3</netx_attribute>
  </mapping>
  <mapping>
    <mapped_attribute>mail</mapped_attribute>
    <netx_attribute>email</netx_attribute>
  </mapping>
- NetX will not accept null values for the 4 required mappings listed above. For example, because the mail attribute is mapped to the email field in NetX, the system will not permit users who do not have an email address registered in their LDAP profile to log in.
Setup
- To enable this feature, you will need to add the following property:
  Name: user.directory_use_xml_mapping
  Value: true
- Create a copy of {application directory}/netx/config/auth_attribute-default.xml and name the copy auth_attribute.xml. Store it in the same directory. This creates a blank file for you to work with and leaves a default in case you want to start over.
- Fill out the desired mappings (don't forget to follow the rules listed above), and save the file.
- Restart the application for the configuration to take effect.
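A check to run on auth_attribute.xml before the restart, given here as an added example that is not part of NetX or of the original page: it reports required fields that are unmapped, mapped to an empty LDAP attribute, or misspelled by case. The mappings root element and the check_mappings function name are assumptions, since the page shows only the mapping fragments.

```python
import xml.etree.ElementTree as ET

# The four NetX fields the page lists as required mappings.
REQUIRED = ("login", "name1", "name3", "email")
# The page's two examples name the source element differently; accept either.
SOURCE_TAGS = ("auth_attribute", "mapped_attribute")


def check_mappings(xml_text):
    """Return a list of problems found in an auth_attribute.xml document."""
    problems = []
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    seen = {}  # netx_attribute -> LDAP source attribute
    for m in root.iter("mapping"):
        target = (m.findtext("netx_attribute") or "").strip()
        source = ""
        for tag in SOURCE_TAGS:
            source = (m.findtext(tag) or "").strip() or source
        if not target:
            problems.append("mapping without a netx_attribute")
            continue
        if target in seen:
            problems.append(f"duplicate mapping for {target}")
        seen[target] = source
    for field in REQUIRED:
        if field not in seen:
            # Names are case sensitive, so point out a near miss such as "Email".
            near = [t for t in seen if t.lower() == field]
            hint = f" (found {near[0]!r}; names are case sensitive)" if near else ""
            problems.append(f"required field {field} is not mapped{hint}")
        elif not seen[field]:
            problems.append(f"required field {field} has an empty source attribute")
    return problems


# Constructed sample; the <mappings> root element name is an assumption.
SAMPLE = """<mappings>
  <mapping><mapped_attribute>sAMAccountName</mapped_attribute><netx_attribute>login</netx_attribute></mapping>
  <mapping><mapped_attribute>sn</mapped_attribute><netx_attribute>name1</netx_attribute></mapping>
  <mapping><mapped_attribute></mapped_attribute><netx_attribute>name3</netx_attribute></mapping>
  <mapping><mapped_attribute>mail</mapped_attribute><netx_attribute>Email</netx_attribute></mapping>
</mappings>"""

if __name__ == "__main__":
    for problem in check_mappings(SAMPLE):
        print(problem)
```

An empty result means all four required fields have a non-empty source attribute; it does not confirm that the attribute names exist in your directory.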