Pre-Authenticated LDAP login

This is used if Dekho is not required to authenticate by itself, but trusts that a user has already been authenticated via an external system (for example; Tomcat container). The first time a directory service is configured, users and roles will populate the Dekho configuration Database. Before selecting pre-authenticated as authentication method, configuration or customisations to allow Dekho to understand the pre-authenticated principal must be completed.

Set Authentication Pre-Authenticated Login.

The Domain is the machine name of the userís domain controller.

Enter the Standard LDAP Group Settings for definitions and examples of the remainder of this form.

Remember to Click Save!

This will verify the user credentials and parameters. If the credentials and parameters are invalid, a prompt will indicate this and no parameters will be saved until the credentials and parameters can be properly verified by Dekho.

INFORMATION: See LDAP Roles section to find out how to change the Dekho Administrator Role name to match your LDAP admin group name.

Nested LDAP Groups

Use nested LDAP groups by changing configuration in:

<appserver>\Dekho\WEB INF\classes\beans.xml

then restart the Application Server. To enable nested LDAP groups change the following settings;

†††††† <bean id="ldapAuthoritiesReader">

†††† †††††††† ....................

††††††††††††† <property name="includeNestedGroups" value="true"/>

†††††† </bean>

†††††† <bean id="ldapAuthoritiesReaderStatic">

†††† †††††††† ....................

††††††††††††† <property name="includeNestedGroups" value="true"/>

†††††† </bean>

PLEASE NOTE: Using nested LDAP groups reduces application login speed.


Roles