Configuring LDAP Authentication for the cn Attribute

This procedure outlines the steps required to configure LDAP authentication in the WFM application for the cn attribute.

To configure LDAP to authenticate against the cn attribute:

  1. In the WFM application, select Maintenance > System Administration > Registry Maintenance.
  2. Select this parameter in the Registry Tree: system/authenticate/authenticator
  3. Click Edit.
  4. In the Variable Value field, replace com.workbrain.security.lawson.LSFWorkbrainAuthenticator with com.workbrain.server.authenticate.LdapAuthenticator.
  5. Click Save.
  6. For these registry parameters under system/authenticate, edit the parameters and specify these values:
    • LDAPServer (java.lang.String): Specify the name/IP address of the LDAP host.
    • LDAPPort (java.lang.String): Specify the port number of the LDAP server. Defaults to 389 if missing.
    • LDAPUserIDAttrib (java.lang.String): Specify the LDAP user ID attribute. Defaults to cn.
    • LDAPOtherAttrib (java.lang.String): Specify the remaining DN attributes. Empty by default.
    Note: If you are using LDAPS, you must also set the LDAPProtocol (java.lang.Boolean) registry parameter to true.
  7. As an example, if your DN binding strings are as follows:

    DN binding string: cn=JOE,ou=users,dc=infor,dc=com

    DN binding string: cn=WORKBRAIN,ou=users,dc=infor,dc=com

    Then you must follow these rules when creating your users in the WFM application and your LDAP server:

    1. The cn attribute must match users that already exist in the WFM application. These WFM users are found in the WBU_NAME column of the WORKBRAIN_USER table in the WFM database.
    2. The remaining attributes in the DN binding string (such as ou and dc in the example above) must be identical for all users.
    3. The LDAPOtherAttrib must be set to the remaining attributes of the DN. In the example above, this is ou=users,dc=infor,dc=com.
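
The three rules above can be checked before go-live against a list of DN binding strings exported from the directory. The script below is an added example, not part of the WFM product or its documentation; it assumes the bind DN has the form LDAPUserIDAttrib=WBU_NAME,LDAPOtherAttrib, and the function names, the third DN and the user list are constructed for illustration.

```python
# Added example. Assumption: the bind DN has the form
# <LDAPUserIDAttrib>=<WBU_NAME>,<LDAPOtherAttrib>, as the sample DNs suggest.

def split_dn(dn):
    """Split a DN into RDNs on unescaped commas (RFC 4514 backslash escapes)."""
    parts, buf, escaped = [], [], False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            buf.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf).strip())
    return parts

def check_dns(dns, wfm_users):
    """Return (LDAPUserIDAttrib, LDAPOtherAttrib, problems) for the given DNs."""
    first = split_dn(dns[0])
    attr = first[0].partition("=")[0].strip()
    other = ",".join(first[1:])
    problems = []
    for dn in dns:
        rdns = split_dn(dn)
        name, _, value = rdns[0].partition("=")
        if name.strip().lower() != attr.lower():
            problems.append(f"{dn}: user ID attribute {name!r} differs from {attr!r}")
        if value.strip() not in wfm_users:  # rule 1 (exact match is an assumption)
            problems.append(f"{dn}: {value!r} not found in WBU_NAME")
        if ",".join(rdns[1:]).lower() != other.lower():  # rule 2
            problems.append(f"{dn}: remaining attributes differ from {other!r}")
    return attr, other, problems  # rule 3: set LDAPOtherAttrib to `other`

# DNs from the example above plus one constructed DN that breaks rule 2.
SAMPLE_DNS = [
    "cn=JOE,ou=users,dc=infor,dc=com",
    "cn=WORKBRAIN,ou=users,dc=infor,dc=com",
    "cn=ANNA,ou=contractors,dc=infor,dc=com",  # constructed
]
WFM_USERS = {"JOE", "WORKBRAIN", "ANNA"}  # constructed WBU_NAME values

if __name__ == "__main__":
    attr, other, problems = check_dns(SAMPLE_DNS, WFM_USERS)
    print(f"LDAPUserIDAttrib={attr}\nLDAPOtherAttrib={other}")
    for p in problems:
        print("PROBLEM:", p)
```

Any DN reported as a problem cannot be reached with a single LDAPOtherAttrib value, so that user would fail to bind until the directory entry or the WFM user name is corrected.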

If you are deploying LDAPS with the latest supported JDK for Infor Workforce Management and WebLogic, you must complete the following additional configuration steps to ensure a successful deployment:

  • Import the LDAPS server SSL certificate into the JDK keystore for the WFM application and WebLogic.
  • Disable endpoint identification (the JDK's check that the LDAPS server's host name matches its certificate) using this Java system property: -Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true