Sonatype CLM Server - Security Administration Guide
In most LDAP implementations, users are collected into various groups. This allows for better organization of larger numbers of users and provides a mechanism to isolate particular groups for specific permissions and for integration into other systems such as Sonatype CLM. If LDAP groups are not mapped, Sonatype CLM will pull in all users from the Base DN. While this may not be an issue for a small number of users, for a larger number it may be a concern and may grant unintended access.
As we've done with the other configuration areas, let's look at a sample set of data. In the example below, we'll be configuring a static LDAP group.
| Parameter | Value |
|---|---|
| Group Type | Static |
| Base DN | ou=groups |
| Object Class | group |
| Group ID Attribute | sAMAccountName |
| Group Member Attribute | member |
| Group Member Format | |
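To preview which directory entries these settings select before entering them, the following added example (not Sonatype's code) applies the table values to a constructed LDIF export. The search base `dc=example,dc=com`, the sample entries, and the subtree match on the group Base DN are assumptions made for illustration.

```python
# Added example. SAMPLE_LDIF and SEARCH_BASE are constructed sample data.
SAMPLE_LDIF = """\
dn: cn=clm-admins,ou=groups,dc=example,dc=com
objectClass: group
sAMAccountName: clm-admins
member: cn=alice,ou=people,dc=example,dc=com
member: cn=bob,ou=people,dc=example,dc=com

dn: cn=contractors,ou=legacy,dc=example,dc=com
objectClass: group
sAMAccountName: contractors
member: cn=carol,ou=people,dc=example,dc=com

dn: cn=printers,ou=groups,dc=example,dc=com
objectClass: organizationalUnit
sAMAccountName: printers
"""
SEARCH_BASE = "dc=example,dc=com"  # assumed; the group Base DN is relative to it
# Values taken from the sample table in this guide.
SETTINGS = {"base_dn": "ou=groups", "object_class": "group",
            "id_attr": "sAMAccountName", "member_attr": "member"}


def parse_ldif(text):
    """Parse simple LDIF (no folded or base64 lines) into {attr: [values]} dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            key, sep, value = line.partition(": ")
            if sep and not line.startswith("#"):
                entry.setdefault(key.lower(), []).append(value)
        if "dn" in entry:
            entries.append(entry)
    return entries


def static_groups(entries, search_base=SEARCH_BASE, s=SETTINGS):
    """Return {group id: [member values]} for entries the static mapping selects."""
    base = f"{s['base_dn']},{search_base}".lower()
    groups = {}
    for e in entries:
        in_scope = e["dn"][0].lower().endswith("," + base)
        classes = [c.lower() for c in e.get("objectclass", [])]
        gid = e.get(s["id_attr"].lower())
        if in_scope and s["object_class"].lower() in classes and gid:
            groups[gid[0]] = e.get(s["member_attr"].lower(), [])
    return groups
```

Only `clm-admins` is selected: `contractors` sits outside `ou=groups`, and `printers` does not have the `group` object class, so members of either would not be reachable through the mapped groups.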
Once you have gathered this information, access the Sonatype CLM Server LDAP Configuration:
- Log into the Sonatype CLM Server (by default this is available at http://localhost:8070) using a user account with Admin-level permissions (a member of the Admin Group).
- Click the system preferences icon located in the top right of the CLM Header/Screen (resembles a cog/gear).
- Choose LDAP from the available options. The LDAP Administration area will be displayed.
- Click the second tab, User and Group Settings, just below the Server Name.
- Just below the User Element mapping, you will see Group Element Mapping. The Group Type field will be set to none. Change this to static or dynamic based on the parameter descriptions below.
- Enter the various settings.
- Click the Save button when finished.
Note
If at any point you wish to reset the form, click the reset button. Any values that have been entered will be removed.
Using the information from the table above, our configuration would look like this: