Use the Unwired Platform administration perspective to configure the LDAP authentication and authorization
security providers, which are used locate LDAP user information when organizational user groups exist within multiple LDAP trees.
You can use these approaches to accommodate an LDAP tree structure that cannot be directly accessed using one search base:
- Create an LDAP authentication module for each level in the hierarchy – during the authentication process, Unwired Platform tries to authenticate against every login module in the ordered list until authentication succeeds or until it reaches the end of the list. Depending on the number of login modules you configure, this approach may have some performance issues.
- Use different scopes for performing user searches – specify the root node of a particular LDAP tree, by entering AuthenticationSearchBase=”dc=sybase, dc=com” and set Scope=subtree. Unwired Platform performs an LDAP query against the entire subtree for authentication and authorization information. Depending on the number of subtrees within the LDAP tree structure, this approach can have performance implications.
- Implement a proprietary login module – create a custom logic and search mechanism by implementing the login module callback interface. This approach involves Java coding to a set of public interfaces within Unwired Platform.