Citrix Systems 4.2 4.2.2. Example LDAP Configuration Commands, 4.2.3. Search Base

Example LDAP Configuration Commands

6. Click OK.

1. Log in to the CloudPlatform.

2. From the left navigational bar, click Global Settings.

3. From the Select view drop down, select LDAP Configuration.

4. In the Quick View, click Remove LDAP.

Alternatively, you can click Remove LDAP in the LDAP Configuration Details page.

4.2.2. Example LDAP Configuration Commands

To understand the examples in this section, you need to know the basic concepts behind calling the

CloudPlatform API, which are explained in the Developer’s Guide.

The following shows an example invocation of ldapConfig with an ApacheDS LDAP server

http://127.0.0.1:8080/client/api?command=ldapConfig&hostname=127.0.0.1&searchbase=ou

%3Dtesting%2Co%3Dproject&queryfilter=%28%26%28uid%3D%25u%29%29&binddn=cn%3DJohn+Singh%2Cou

%3Dtesting%2Co%project&bindpass=secret&port=10389&ssl=true&truststore=C%3A%2Fcompany%2Finfo

%2Ftrusted.ks&truststorepass=secret&response=json&apiKey=YourAPIKey&signature=YourSignatureHash

The command must be URL-encoded. Here is the same example without the URL encoding:

http://127.0.0.1:8080/client/api?command=ldapConfig

&hostname=127.0.0.1

&searchbase=ou=testing,o=project

&queryfilter=(&(%uid=%u))

&binddn=cn=John+Singh,ou=testing,o=project

&bindpass=secret

&port=10389

&ssl=true

&truststore=C:/company/info/trusted.ks

&truststorepass=secret

&response=json

&apiKey=YourAPIKey&signature=YourSignatureHash

The following shows a similar command for Active Directory. Here, the search base is the testing

group within a company, and the users are matched up based on email address.

http://127.127.0.0:8080/client/api?command=ldapConfig&hostname=127.147.28.250&searchbase=OU

%3Dtesting%2CDC%3Dcompany&queryfilter=%28%26%28mail%3D

%25e%29%29 &binddn=CN%3DAdministrator%2COU%3Dtesting%2CDC

%3Dcompany&bindpass=1111_aaaa&port=389&response=json&apiKey=YourAPIKey&signature=YourSignatureHash

The next few sections explain some of the concepts you will need to know when filling out the

ldapConfig parameters.

4.2.3. Search Base

An LDAP query is relative to a given node of the LDAP directory tree, called the search base. The

search base is the distinguished name (DN) of a level of the directory tree below which all users can

be found. The users can be in the immediate base directory or in some subdirectory. The search base

may be equivalent to the organization, group, or domain name. The syntax for writing a DN varies