Configuring LDAP Authentication for the userPrincipalName (UPN) Attribute

This procedure outlines the steps required to configure LDAP authentication in the WFM application for the userPrincipalName attribute.

To configure LDAP to authenticate against the userPrincipalName attribute:

  1. In the WFM application, select Maintenance > System Administration > Registry Maintenance.
  2. Select this parameter in the Registry Tree: system/authenticate/authenticator
  3. Click Edit.
  4. In the Variable Value field, replace com.workbrain.security.lawson.LSFWorkbrainAuthenticator with com.workbrain.security.ldap.LdapAuthenticator.
  5. Click Save.
  6. For these registry parameters under system/authenticate, edit the parameters and specify these values:
    • LDAPServer (java.lang.String): Specify the name/IP address of the LDAP host.
    • LDAPPort (java.lang.String): Specify the port number of the LDAP server. Defaults to 389 if missing.
    • LDAPUserSuffix (java.lang.String): This parameter is optional and is used to configure com.workbrain.security.ldap.LdapAuthenticator. If a value is specified, the LDAP authenticator appends the specified value to the user name entered during the login process.
    Note: If you are using LDAPS, you must also set the LDAPProtocol (java.lang.Boolean) registry parameter to true.

If you are deploying LDAPS with the latest supported JDK for Infor Workforce Management and WebLogic, you must complete the following additional configuration steps to ensure a successful deployment:

  • Import the LDAPS server SSL certificate into the JDK keystore for the WFM application and WebLogic.
  • Disable endpoint identification using this Java system property: -Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true
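
A pre-import check for the certificate step above, as an added example rather than Infor's own tooling: it confirms that the exported LDAPS certificate is unexpired and names the host configured in LDAPServer before keytool adds it to the truststore, because the JDK no longer makes that name comparison once endpoint identification is disabled. The host names, alias, truststore path and generated sample certificate are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not vendor code. Needs openssl 1.1.1+ (keytool only for import).
# Host names, alias and paths below are constructed placeholders.

# 0 if the certificate in $1 carries DNS name $2. DNS names only: an IP-valued
# LDAPServer would need an iPAddress SAN, which this check does not cover.
cert_names_host() {
  openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
    grep -q 'does match certificate'
}

# 0 if the certificate in $1 has not expired.
cert_not_expired() { openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1; }

# SHA-256 fingerprint, to compare with the value the directory team reports.
cert_fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Gate for the import step. $1 = PEM file, $2 = LDAPServer registry value.
preimport_check() {
  cert_not_expired "$1" || { echo "expired"; return 1; }
  cert_names_host "$1" "$2" || { echo "name-mismatch"; return 1; }
  echo "ok $(cert_fingerprint "$1")"
}

# Import only when the gate passes. $3 = truststore path, $4 = its password.
import_if_ok() {
  preimport_check "$1" "$2" >/dev/null || return 1
  keytool -importcert -noprompt -alias "ldaps-$2" -file "$1" \
    -keystore "$3" -storepass "$4"
}

# Constructed sample: a throwaway self-signed certificate standing in for the
# one exported from the LDAPS server. $1 = host name, $2 = output PEM.
make_sample_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -keyout "$2.key" \
    -subj "/CN=$1" -addext "subjectAltName=DNS:$1" -out "$2" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_sample_cert ldap01.corp.example "$demo_dir/ldaps.pem"
preimport_check "$demo_dir/ldaps.pem" ldap01.corp.example
preimport_check "$demo_dir/ldaps.pem" 10.0.0.5 || true
```

The second call reports name-mismatch because the sample certificate carries only a DNS name, which is the case to look for when LDAPServer holds an IP address.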