Sonatype CLM Server - Security Administration Guide

3.2. LDAP Configuration Parameters

The example in the previous section is a basic setup and leaves a number of parameters unused. This section describes every parameter that can be configured in the Connection section of the LDAP Configuration area of the Sonatype CLM Server. Required fields are noted where applicable.

General
Protocol
Valid values in this drop-down are LDAP and LDAPS: the Lightweight Directory Access Protocol in the clear, and the same protocol carried over an SSL/TLS connection. Choose LDAPS wherever the directory supports it; with plain LDAP, everything Sonatype CLM exchanges with the directory, including any simple-bind password and the results of user and group searches, crosses the network unencrypted.
Hostname
The hostname or IP address of the LDAP server. When using LDAPS, enter the name that appears in the server's certificate rather than an IP address, so that certificate validation can succeed.
Port
The port on which the LDAP server is listening. Port 389 is the default for LDAP and port 636 is the default for LDAPS.
Search Base
The search base is the Distinguished Name (DN) that is appended to every LDAP query; it determines which part of the directory tree Sonatype CLM can see. The search base usually corresponds to the domain name of the organization. For example, the search base on the Sonatype LDAP server could be "dc=sonatype,dc=com".
Authentication
Method

Sonatype CLM provides four distinct authentication methods to be used when connecting to the LDAP Server:

  • Simple Authentication - The bind DN and password are sent to the server as entered. Simple authentication is not recommended for production deployments unless the secure LDAPS protocol is used, because it sends the password in clear text over the network.
  • Anonymous Authentication - Used when Sonatype CLM only needs read-only access to entries and attributes that the directory exposes without credentials. No username or password is sent when binding to the LDAP server.
  • Digest-MD5 - A challenge-response method that improves on CRAM-MD5 by adding a realm, server and client nonces, and optional integrity and confidentiality layers. For more information, see http://www.ietf.org/rfc/rfc2831.txt. Note that RFC 6331 has since moved DIGEST-MD5 to Historic status because of its dependence on MD5 and its interoperability problems; where the directory supports it, LDAPS with a simple bind is the safer choice.
  • CRAM-MD5 - The Challenge-Response Authentication Method (CRAM) based on the HMAC-MD5 MAC algorithm. In this authentication method, the server sends a challenge string to the client, and the client responds with a username followed by a hex digest (HMAC-MD5 of the challenge, keyed with the password), which the server compares to an expected value. The password itself never crosses the wire, but anyone who captures the challenge and response on an unencrypted session can test candidate passwords offline, and the method does not encrypt the searches that follow the bind, so it does not remove the need for LDAPS. For more information, see RFC 2195. For a full discussion of LDAP authentication approaches, see http://www.ietf.org/rfc/rfc2829.txt and http://www.ietf.org/rfc/rfc2251.txt (both since superseded by the RFC 4510 series, RFC 4513 and RFC 4511 respectively).
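To make the CRAM-MD5 exchange above concrete, the following is an added example (not code from this guide or from Sonatype CLM) that implements both sides of the challenge-response in Python and then the passive offline attack the caveat describes. It checks itself against the test vector published in RFC 2195; the hostname ldap.example.org, the account svc-clm, the passwords and the wordlist are constructed for this example and are not real directory data.

```python
import hashlib
import hmac
import secrets
import time
from typing import Dict, Iterable, Optional

# Test vector from RFC 2195 section 2 (the base64 lines in the RFC, decoded).
RFC2195_CHALLENGE = "<1896.697170952@postoffice.reston.mci.net>"
RFC2195_USERNAME = "tim"
RFC2195_SECRET = "tanstaaftanstaaf"
RFC2195_RESPONSE = "tim b913a602c7eda7a495b4e6e7334d3890"


def make_challenge(hostname: str) -> str:
    """Server side: build an RFC 2195 style challenge "<random.time@host>".

    The challenge must be unique per bind attempt; that uniqueness is what
    stops an eavesdropper from replaying a previously observed response.
    """
    return f"<{secrets.randbits(64)}.{int(time.time())}@{hostname}>"


def cram_md5_response(username: str, password: str, challenge: str) -> str:
    """Client side: answer the challenge with "username SP hexdigest".

    The digest is HMAC-MD5 keyed with the password over the challenge text,
    so the password itself is never transmitted.
    """
    digest = hmac.new(password.encode(), challenge.encode(), hashlib.md5).hexdigest()
    return f"{username} {digest}"


def verify_response(response: str, challenge: str, directory: Dict[str, str]) -> bool:
    """Server side: recompute the digest for the claimed user and compare.

    The server needs the user's clear-text password (or an HMAC-MD5 context
    derived from it) to do this, which rules out storing only salted hashes.
    """
    parts = response.split(" ")
    if len(parts) != 2:
        return False
    username, digest = parts
    password = directory.get(username)
    if password is None:
        return False
    expected = hmac.new(password.encode(), challenge.encode(), hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, digest)


def offline_guess(response: str, challenge: str, wordlist: Iterable[str]) -> Optional[str]:
    """Attacker side: recover the password from one captured exchange.

    Everything except the password is public, so a passive observer of a
    plain-LDAP session can test candidates offline at HMAC-MD5 speed without
    ever contacting the directory.  CRAM-MD5 keeps the password off the wire,
    but it does not make LDAPS unnecessary.
    """
    username, digest = response.split(" ", 1)
    for candidate in wordlist:
        guess = hmac.new(candidate.encode(), challenge.encode(), hashlib.md5).hexdigest()
        if hmac.compare_digest(guess, digest):
            return candidate
    return None


def demo_exchange() -> bool:
    """One full bind: challenge -> response -> verification (constructed data)."""
    directory = {"svc-clm": "correct horse battery staple"}  # assumed account
    challenge = make_challenge("ldap.example.org")             # assumed hostname
    response = cram_md5_response("svc-clm", directory["svc-clm"], challenge)
    return verify_response(response, challenge, directory)


def demo_offline_attack() -> Optional[str]:
    """Capture one exchange from an unencrypted session and guess the password.

    Constructed data: a weak service-account password and a tiny wordlist.
    """
    challenge = make_challenge("ldap.example.org")
    captured = cram_md5_response("svc-clm", "Winter2014", challenge)
    wordlist = ["password", "Sonatype1", "Winter2014", "Summer2014"]
    return offline_guess(captured, challenge, wordlist)


if __name__ == "__main__":
    print("RFC 2195 vector matches:",
          cram_md5_response(RFC2195_USERNAME, RFC2195_SECRET, RFC2195_CHALLENGE) == RFC2195_RESPONSE)
    print("bind succeeded:", demo_exchange())
    print("password recovered offline:", demo_offline_attack())
```

The recovery in demo_offline_attack succeeds with nothing but the two strings an attacker would see on port 389, which is the practical reason to pair any of the MD5 methods with LDAPS and a strong, dedicated service-account password.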
SASL Realm
The Simple Authentication and Security Layer (SASL) Realm to connect with. The SASL Realm is only available if the authentication method is Digest-MD5.
Username
Username of the LDAP user to connect (or bind) with. This is the Distinguished Name of a user who has read access to all users and groups. Use a dedicated, read-only service account for this rather than a directory administrator account: Sonatype CLM only needs to search users and groups, and the password stored here should carry no more privilege than that.
Password
Password of the LDAP user named in the Username field.
Timeouts
Connection
The number of seconds Sonatype CLM should try to connect to the configured server before returning an error.
Retry Delay
The number of seconds Sonatype CLM should wait after a connection error before attempting to connect to the configured server again.