A–C
D–H
I–Z
Developer services
Project centers
Community resources
- Adobe Cookbooks (share code)
- CSS Advisor (browser bug fixes)
- Exchanges (share components)
- Adobe Labs
- Adobe Open Source
- Forums
- RSS feeds
- Bug base
- User groups
- Adobe Community Experts (ACE)
- Developer events
Integration
Product documentation
Downloads
Samples
Training and books
- Online training
- Classroom training
- Certification
- Adobe Developer Library
- Adobe Press
- Safari Books Online
Newsletters
Blogs
Archives
ADC program
Additional resources
Table of Contents
Integrating Contribute Publishing Services with LDAP
LDAP Primer
When I talk with most CPS customers, they are not the actual LDAP administrator, and really have no interest in learning LDAP at all. They just need to implement CPS to complete their WPS rollout. However, before you begin configuring CPS for LDAP integration, here are some pointers and terms about LDAP you should know:
- LDAP stands for Lightweight Directory Access Protocol.
- LDAP is a protocol for accessing Directory Services (for example, Microsoft Active Directory/Exchange, IPlanet Directory Server, Novell Directory Services, and so forth).
- CPS supports LDAP version 3 compliant LDAP servers (RFC 2251).
- LDAP servers contain objects─everything is represented as an object.
- LDAP objects are stored in a hierarchical structure called the DIT (Directory Information Tree) and organized into nodes or branches (also called leaves)–see Figure 1 below.
- Each object has properties (called attributes) and instantiates one or more object class (specified in the
objectClassattribute).- An
objectClassis both an attribute and an object. - An
objectClasscan be subclassed and most extend the top object class (objectClass=top).
- An
- Object properties are stored in name/value pairs.
- Each object contains a distinguished name (dn) attribute which uniquely identifies the object in the DIT.
- Typical LDAP attributes are:
dn(Distinquished Name)–uniquely identifies an object in the DITcn(Common Name)–a common or full name for an object in the DITuid(User ID)–a user id for a user objectsAMAccountName–Windows domain logon name (Active Directory/Exchange Server only)mail(Email)–an object’s e-mail attributeobjectClass(Object Class)–a grouping of attributesou(organizationalUnit)–typically a department within an organizationo(organization)–typically an organization within a companydc(domain component)–A portion of the domain name (or DNS name)
Note: LDAP attribute names are usually case-insensitive, but it is best practice to use the correct case (or mix-case) in spelling them.
Your company’s user directory is an LDAP server (or a server implementing a version 3 LDAP interface) and contains user and group objects─each with their own respective DN attributes. The user objects are organized into groups for better management. Contribute users authenticate to the user directory with their username (or DN) and password. Administrators assign rights and permissions to groups, and it is the user’s group membership that provides authorized access.
Now that you have an idea of the LDAP components you will be dealing with, I will review setting up the CPS LDAP settings.
Figure 1. An example directory information tree
