October 23rd, 2014 06:00

We want your feedback on our draft LDAP configuration GUI


In ViPR SRM, you have had to edit an XML file in the past in order to configure LDAP. We are thinking of adding a GUI to make it easier to configure. (Please understand that this posting is NOT A PROMISE that the feature will make it into the next release.)

I have a few quick mock-ups below to show the GUI we are thinking of creating. The idea is that in the GUI you should be able to

· specify at least one realm with the following attributes:

  • Server URL (And alternate)
  • Manager logon on password
  • Search scope, base and filter.
      § User search
      § Role based search
  • Specify more realms
  • Set the order of which realm to use for authentication
  • Have a way to specify n-number of additional parameters.

You get to the LDAP configuration from the Centralized Administration page, a Configuration drop-down menu. (In the current version there is just a Configuration button that takes you to a dialog to configure servers.)

[Image: ConfigDropdown.png]

Choosing "Directory Services" launches the following dialog:

[Image: DirectoryServicces1.png]

If you click "Add New Name/Value Pair", the dialog changes as follows:

[Image: DirectoryServicces2.png]

This is what the labels map to in the XML File:

| Label | Maps to in XML file | Hover help | Comments/info |
|---|---|---|---|
| Name: | Realm | | |
| Server URL: | connectionURL | The host URL (connectionURL) | |
| Manager DN: | connectionName | The username (connectionName) the realm uses to authenticate with the directory service. | |
| Manager password: | connectionPassword | The password (connectionPassword) for the user specified as the Manager DN. Password is encrypted automatically. | |
| Search scope: | userSubtree | Choose “True” to search for users in subtrees below the Search base (userBase) | (True = subtree, False = one level). Defaults should be True |
| Search base: | userbase | Specify where you want to start the user search (userBase) from. If this is blank the search starts from the top level element in the directory. For example OU=location,DC=domain,DC=com. | |
| Search filter: | userSearch | Filter expression used to search for users in the directory, for example, usersearch=U(uid={0}) “ | |
| Role base: | roleBase | Defines the base entry for role searches | |
| Role scope: | roleSubtree | Dropdown with true = subtree, false = one level, Not applicable | “Not applicable” is the default |
| Role name: | roleName | The attribute that contains the role name. For example, CN | |
| Role search: | RoleSearch | Used to filter on selected role entries. For example, {0} for DN, {1} for the user’s login name | |
| User role name: | UserRoleName | In the directory, the attribute with the name of the role. For example, memberOf | |

Adding a Realm

Adding a Realm works similarly to the way you add a Server. Click the “Add Realm” dialog and a new “twisty section” appears with all the Directory services fields. The already-configured directory services is “pushed down” in a new twisty section. Each twisty section can be collapsed. This makes it easy for you to see how many Realms you have configured and to re-order them.

We've tried to use the same or similar labels to the ViPR Controller LDAP GUI.

We appreciate any feedback on where/how you get to this dialog, the fields, labels, or layout.
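An added example, not part of the original post and not ViPR SRM code: it shows how the `{0}`/`{1}` placeholders described for the Search filter and Role search fields are filled in, with RFC 4515 escaping of the substituted values, plus a small check of one realm's settings. The dictionary is a constructed stand-in for a realm (keys spelled as in the table above, host and DNs made up), and the checks are illustrative assumptions rather than SRM's own validation.

```python
import re

# RFC 4515 escapes for values placed inside an LDAP search filter.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    """Escape a user-supplied value so it cannot change the filter's structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def render_filter(template, *values):
    """Replace {0}, {1}, ... in a filter template with escaped values."""
    def repl(match):
        i = int(match.group(1))
        # Leave a placeholder untouched if no value was supplied for it.
        return escape_filter_value(values[i]) if i < len(values) else match.group(0)
    return re.sub(r"\{(\d+)\}", repl, template)

def lint_realm(realm):
    """Return findings for one realm's settings (hypothetical checks)."""
    findings = []
    if not realm.get("connectionURL", "").lower().startswith("ldaps://"):
        findings.append("connectionURL does not use ldaps://")
    search = realm.get("userSearch", "")
    if "{0}" not in search:
        findings.append("userSearch has no {0} placeholder for the login name")
    if search.count("(") != search.count(")"):
        findings.append("userSearch has unbalanced parentheses")
    if not realm.get("userbase") and realm.get("userSubtree", "true") == "true":
        findings.append("userbase is blank: subtree search starts at the top of the directory")
    return findings

# Constructed sample realm; every value here is made up for illustration.
SAMPLE_REALM = {
    "connectionURL": "ldap://ldap.example.com:389",
    "connectionName": "CN=svc-srm,OU=service,DC=example,DC=com",
    "userSubtree": "true",
    "userbase": "",
    "userSearch": "(uid={0})",
    "RoleSearch": "(member={0})",
}

if __name__ == "__main__":
    for finding in lint_realm(SAMPLE_REALM):
        print("finding:", finding)
    print(render_filter(SAMPLE_REALM["userSearch"], "jdoe"))
    print(render_filter(SAMPLE_REALM["userSearch"], "a*(b)"))
```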

9 Posts

October 23rd, 2014 11:00

DPA is about the only EMC tool that correctly integrates to our AD environment.

Things that work:

We can specify the parent domain and it "finds" users in any of multiple child domains without having to define the child domains.

Users can be automatically added and roles assigned via group/role mapping without having to add the users to the tool.

FYI - the VIPR windows authentication did not work correctly in our environment - it could only work with one domain. (2.0 EAP version)


19 Posts

October 24th, 2014 07:00

Good idea, I'll check into that.


19 Posts

October 28th, 2014 10:00

Hi Andreas,

Yes, I was thinking the same thing - make it as similar to the ViPR config as possible.

To that end - is the Description necessary? (We were thinking of not having a description in the SRM config.)

Also, is the terminology "Configure Authentication Provider" good? I noticed that other LDAP configs, like in DPA, call it "Directory Services".

(Or should we just follow ViPR for consistency, in your opinion?)
Thanks,

Mary Beth

48 Posts

October 28th, 2014 19:00

This screen and description look great, I would expect to see this under Admin->Portal->Authentication rather than Centralized Management

I could have more than one frontend and I may also use different realm config for each FE.

It would be nice if changes in here also did not break storage compliance (EMC000192523)


19 Posts

October 29th, 2014 07:00

Hi again, Andreas,

Thanks for answering. You are the second person to suggest changing to "bind user"... I was originally trying to stay with the same labels as ViPR but maybe now I'll go with "Bind user" in SRM and try to get ViPR to change theirs in some future release... again.. I cannot PROMISE that this will happen but I'm working on it!
