Configuring LDAP settings
When configuring LDAP, you must add the settings on this page to owl-env.sh (Standalone) or the Web ConfigMap (Cloud Native).
The configuration is applied when the Collibra DQ web application starts. See Standalone Install for a complete list of the owl-env.sh scripts.
Note: These settings are not required for Active Directory because the default properties specific to the AD library load when the Collibra DQ WebApp starts.
Required script settings to configure LDAP
The following table provides descriptions of the owl-env.sh (Standalone) or Web ConfigMap (Cloud Native) settings to add when you configure LDAP.
Note: You can override the default script settings; however, this depends on your LDAP provider and how LDAP is implemented.
owl-env.sh setting | Description |
---|---|
LDAP_GROUP_RESULT_DN_ATTRIBUTE | The fully qualified name of the group with the base path; for example, CN=OwlAppAdmin,OU=OwlGroups,OU=Groups,DC=owl,DC=com. Default: distinguishedname. |
LDAP_GROUP_RESULT_NAME_ATTRIBUTE | The common name of the group. Default: CN. |
LDAP_GROUP_RESULT_CONTAINER_BASE | This value is used only when the LDAP Group Object has no attributes for the previous properties. In that case, set it to the base path and organizational units where the group is located. Default: None. Note: If the LDAP_GROUP_RESULT_DN_ATTRIBUTE is not found, the LDAP_GROUP_RESULT_NAME_ATTRIBUTE is combined with the LDAP_GROUP_RESULT_CONTAINER_BASE to save the fully qualified group name. |
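The fallback order in the table above, as an added example that is not Collibra DQ code: it resolves a group's fully qualified name from an LDIF entry so you can check your three values against real directory output before deploying. The join format `<name attribute>=<value>,<container base>`, the helper names, and the sample entries are assumptions constructed for illustration.

```shell
# Setting names are from this page; DN and name values are the documented
# defaults. The container base is a constructed sample (its default is None).
LDAP_GROUP_RESULT_DN_ATTRIBUTE="distinguishedname"
LDAP_GROUP_RESULT_NAME_ATTRIBUTE="CN"
LDAP_GROUP_RESULT_CONTAINER_BASE="OU=OwlGroups,OU=Groups,DC=owl,DC=com"

# ldif_attr NAME: print the first value of attribute NAME from LDIF on stdin.
# Attribute names are compared case-insensitively, as LDAP does.
ldif_attr() {
    awk -v want="$1" '
        BEGIN { want = tolower(want) }
        {
            i = index($0, ": ")
            if (i > 0 && tolower(substr($0, 1, i - 1)) == want) {
                print substr($0, i + 2)
                exit
            }
        }'
}

# resolve_group_dn: read one group entry (LDIF) on stdin and print the fully
# qualified group name, using the fallback order described in the table.
resolve_group_dn() {
    entry=$(cat)
    dn=$(printf '%s\n' "$entry" | ldif_attr "$LDAP_GROUP_RESULT_DN_ATTRIBUTE")
    if [ -n "$dn" ]; then
        printf '%s\n' "$dn"
        return 0
    fi
    name=$(printf '%s\n' "$entry" | ldif_attr "$LDAP_GROUP_RESULT_NAME_ATTRIBUTE")
    if [ -n "$name" ] && [ -n "$LDAP_GROUP_RESULT_CONTAINER_BASE" ]; then
        # Assumed join format: <name attribute>=<value>,<container base>
        printf '%s=%s,%s\n' "$LDAP_GROUP_RESULT_NAME_ATTRIBUTE" "$name" \
            "$LDAP_GROUP_RESULT_CONTAINER_BASE"
        return 0
    fi
    echo "unresolved group: review the LDAP_GROUP_RESULT_* settings" >&2
    return 1
}

# Constructed sample entries: one exposes distinguishedName, one does not.
sample_with_dn() {
    printf '%s\n' 'cn: OwlAppAdmin' \
        'distinguishedName: CN=OwlAppAdmin,OU=OwlGroups,OU=Groups,DC=owl,DC=com'
}
sample_without_dn() {
    printf '%s\n' 'cn: OwlAppAdmin' 'objectClass: groupOfNames'
}
sample_without_dn | resolve_group_dn
```

A group that resolves to an unexpected name, or does not resolve at all, will not match the role mapping you intended, so run this against an entry from each group container you rely on.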
Script Settings for Search Configuration
The following table provides descriptions of the owl-env.sh (Standalone) or Web ConfigMap (Cloud Native) settings to add when you configure the search filter.
owl-env.sh setting | Description |
---|---|
LDAP_ROLES_PROP_NAME | Attribute of the group object to find the name. This is usually the common name of the group and is used to map the LDAP group to the internal role. Default: memberOf. |
LDAP_USER_SEARCH_ATTRIBUTE | Property used as part of a filter to look for user membership in a group. The Group Object in LDAP has an attribute where users are listed. This value must be set for this property. Default: distinguishedname. |