5.3.8 Repository access by Cosminexus standard login modules
This section describes how the Cosminexus standard login modules access the user information repository.
- Organization of this subsection
(1) User entry search
The following login modules use the LDAP directory server as the user information repository and can search for user entries during authentication.
-
WebPasswordLoginModule
-
WebCertificateLoginModule
-
WebPasswordLDAPLoginModule
ua.conf (the integrated user management configuration file) is used to specify whether to search for user entries and the search scope. The necessity of the search depends on the DIT structure of the LDAP directory server.
- Cases in which a search is not needed
-
To obtain the user attributes and authenticate the user, it is necessary to locate the user entry on the LDAP directory server based on the user ID entered by the user.
If the user entry is immediately below the base DN and if the user ID is included in the user entry RDN (Relative Distinguished Name) as shown in the following figure, the user entry DN can be composed of the base DN, the attribute name representing the user ID and the user ID. Thus, a search is not needed. When implementing integrated user management, it is recommended to construct a DIT structure that does not require search.
Figure 5‒18: User entry immediately below the base DN ![[Figure]](GRAPHICS/ZU101800.GIF)
- Cases in which a search is needed
-
If the user ID is not included in the user entry RDN or if the user entry is not immediately below the base DN, it is necessary to search for the user entry. When the user entry is at two or more levels below the base DN as shown in the figure, the search scope must include all the subtrees (all the levels below the base DN).
Figure 5‒19: User entry at two or more levels below the base DN ![[Figure]](GRAPHICS/ZU101900.GIF)
(2) Connection pool
The Cosminexus standard login modules can use the connection pool to accelerate access to the user information repository.
The connection pool is specified in ua.conf (the integrated user management configuration file).
The following login modules can use the LDAP connection pool.
-
WebPasswordLoginModule
-
WebCertificateLoginModule
-
WebPasswordLDAPLoginModule
-
WebSSOLoginModule
The following login module can use the JDBC connection pool.
-
WebPasswordJDBCLoginModule