eXo Platform uses PicketLink IDM framework that allows a very flexible integration with an LDAP directory:
It can be plugged to an already populated LDAP directory, in read-only or read-write mode. The LDAP directory can contain users and groups, or only users.
It can be plugged into an empty LDAP directory.
Structure of users and groups in the LDAP directory can be finely customized.
Multiple directories can be used as single datasources for eXo Platform.
Users and groups can be managed via eXo Platform, or directly in the LDAP directory.
Many LDAP implementations are supported (RedHat Directory Server, Microsoft Active Directory, OpenDS, OpenLDAP).
What you need to read from here?
Take an overview of this guideline:
Quick start section simplifies the configuration by assuming that you will use an empty LDAP directory. Once you complete this Quick start, you can easily modify the configuration for other use cases.
Configuration review explains configurations done in Quick start. This is a preparation that you should not bypass before getting further.
In reality, the use cases may be very different from one to one. To make easy for readers, this tutorial is divided into four generic cases:
The term "LDAP users" represents users who are created in LDAP by LDAP utilities. The term "Platform users" represents users who are created via eXo Platform UI. The understanding is similar to "LDAP groups" and "Platform groups".
The PicketLink IDM framework does not distinguish between LDAP-to-Platform and Platform-to-LDAP mapping,
so the configuration is basically the same, but the effect of some parameters can be different.
For example, the createEntryAttributeValues
parameter has no effect on the LDAP-to-Platform mapping,
thus is explained only in the Platform-to-LDAP mapping.
It should be easy to integrate eXo Platform with an LDAP directory if the directory is well-organized and traditional. For complicated cases, you can raise your question and resolution in eXo Community Forum. Your contribution also helps enrich the FAQ section of this document.
If you want to know more about PicketLink IDM configuration, read PicketLink IDM Reference Guide.