
How to Set up LDAP Authentication

To configure LDAP authentication for Oxygen Feedback Enterprise:
  1. Enable LDAP authentication support by editing the $OXYGEN_FEEDBACK_INSTALL_DIR/oxygen-feedback-home/config/feedback-ldap.properties file and setting the feedback.ldap.enabled property to true.
  2. Configure the URL for your LDAP server by setting the feedback.ldap.serverUrl property. For example:
    feedback.ldap.serverUrl=ldap://ldap.example.com:33389/dc=myco,dc=org
  3. Specify the pattern for the search filter used to identify a user entity on the LDAP server by setting the feedback.ldap.userSearchFilter property. For example:
    (|(mail={0})(uid={0}))

    The substituted parameter is the user's login name. This example pattern enables user authentication with both the username and email address.

  4. Specify the name of the email attribute for the LDAP user entity by setting the feedback.ldap.emailAttribute property.
    Important: For the authentication to work, your LDAP user entities must have an associated email address.
  5. Specify whether or not new account registration is allowed by setting the feedback.ldap.userRegistrationEnabled property. For example, to disable new account registration (this hides the Sign Up form on the login page):
    feedback.ldap.userRegistrationEnabled=false
    Note: The feedback.ldap.userRegistrationEnabled property does not disable the possibility of authenticating using a local (DB) account. It only hides the Sign Up form, thus inhibiting the possibility of creating new local user accounts.
Example of the Configuration Properties File
###########################################################################
# Stores the configuration properties for the LDAP authentication support #
###########################################################################

# Flag used to enable the LDAP authentication support.
feedback.ldap.enabled=true

# Flag used to enable users to register with a Feedback local (non-ldap) account.
feedback.ldap.userRegistrationEnabled=true

# Specifies the LDAP server URL of the form ldap://localhost:389/base_dn
# LDAPS URLs may be used
# For example: "ldap://ldap.example.com:33389/dc=myco,dc=org".
feedback.ldap.serverUrl=ldap://ldap.example.com:33389/dc=myco,dc=org

# The LDAP filter used to search for users. 
# For example "(uid={0})". The substituted parameter is the user's login name.
feedback.ldap.userSearchFilter=(|(mail={0})(uid={0}))

# Context name to search for users in, relative to the Base DN specified in the server URL
# May be empty -> the search will be performed against the Base DN
# For example: "cn=users"
# => Considering "ldap://ldap.example.com:33389/dc=myco,dc=org" as server URL, then the users will be searched under "cn=users,dc=myco,dc=org"
feedback.ldap.userSearchBase=cn=users

# The name of the email attribute of the user entity.
# Defaults to 'mail'
feedback.ldap.emailAttribute=mail

# The name of the attribute containing the user's full (display) name.
# Defaults to 'cn'
feedback.ldap.nameAttribute=cn

# Credentials of the user that has privileges to search the directory. Simple binding is used.
# If not provided, anonymous bind is used.
feedback.ldap.admin.dn=cn=admin,cn=users,dc=myco,dc=org
# Must be non-empty if 'feedback.ldap.admin.dn' is provided
feedback.ldap.admin.password=myPassword

How to Handle LDAP Servers That do not Support Anonymous Binding

If your LDAP server does not support anonymous binding (i.e. it requires authentication), you can specify the DN (distinguished name) and password of a user that has privileges for searching the LDAP user directory by setting both of the following configuration properties in the $OXYGEN_FEEDBACK_HOME_DIR/config/feedback-ldap.properties file:
  • feedback.ldap.admin.dn - Specifies the distinguished name of the user with LDAP searching privileges.
  • feedback.ldap.admin.password - Specifies the password of the user with LDAP searching privileges.
Note: If these properties are missing or left blank, anonymous binding is used.
The following optional properties can also be set in the $OXYGEN_FEEDBACK_HOME_DIR/config/feedback-ldap.properties file:
  • feedback.ldap.userSearchBase - Specifies the context name to be used when searching for users (relative to the Base DN specified in the server URL). If this property is left empty, the search will be performed against the Base DN.
  • feedback.ldap.nameAttribute - Specifies the name of the attribute that contains the full display name of the user. If omitted, the value defaults to cn.
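
A pre-deployment check for the settings described on this page, as an added example that is not part of Oxygen Feedback or its documentation: it parses a feedback-ldap.properties file and reports items worth reviewing, such as a plain ldap:// URL, anonymous binding, or an admin DN without a password. The function names and finding labels are hypothetical, the properties parser is simplified, and the sample input is constructed from the example file above.

```python
from urllib.parse import urlparse

# Constructed sample: the key settings from the page's example file.
SAMPLE = """\
feedback.ldap.enabled=true
feedback.ldap.userRegistrationEnabled=true
feedback.ldap.serverUrl=ldap://ldap.example.com:33389/dc=myco,dc=org
feedback.ldap.userSearchFilter=(|(mail={0})(uid={0}))
feedback.ldap.admin.dn=cn=admin,cn=users,dc=myco,dc=org
feedback.ldap.admin.password=myPassword
"""

def parse_properties(text):
    """Simplified key=value parser (no escapes or line continuations)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, sep, value = line.partition("=")  # DN values contain '='
            if sep:
                props[key.strip()] = value.strip()
    return props

def audit(text):
    """Return review findings (hypothetical labels) for the LDAP settings."""
    p = parse_properties(text)
    if p.get("feedback.ldap.enabled", "").lower() != "true":
        return ["ldap-disabled"]
    findings = []
    url = urlparse(p.get("feedback.ldap.serverUrl", ""))
    if url.scheme not in ("ldap", "ldaps") or not url.hostname:
        findings.append("bad-server-url")
    elif url.scheme == "ldap":
        findings.append("cleartext-bind")  # simple bind is unencrypted without TLS
    if not url.path.strip("/"):
        findings.append("no-base-dn")
    flt = p.get("feedback.ldap.userSearchFilter", "")
    if "{0}" not in flt or flt.count("(") != flt.count(")"):
        findings.append("bad-search-filter")
    dn = p.get("feedback.ldap.admin.dn", "")
    if not dn:
        findings.append("anonymous-bind")  # page: used when the DN is missing or blank
    elif not p.get("feedback.ldap.admin.password", ""):
        findings.append("admin-dn-without-password")  # page: password must be non-empty
    if p.get("feedback.ldap.userRegistrationEnabled", "").lower() == "true":
        findings.append("local-signup-enabled")  # Sign Up form is shown
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The feedback.ldap.admin.password value is stored in this file in plain text, so limit read access to the file to the account that runs Oxygen Feedback.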