Use the Unwired Platform administration perspective to configure LDAP authentication and authorization security providers, which are used to locate LDAP user information when organizational user groups exist within multiple LDAP trees.
To accommodate an LDAP tree structure that cannot be directly accessed using one search base:
- Create an LDAP authentication module for each level in the hierarchy – during the authentication process, Unwired Platform tries to authenticate against every login module in the ordered list until authentication succeeds or until it reaches the end of the list. Depending on the number of login modules you configure, this approach may have some performance issues.
- Use different AuthenticationScopes for performing user searches – specify the root node of a particular LDAP tree by entering AuthenticationSearchBase="dc=sybase, dc=com", and set Scope=subtree. Unwired Platform performs an LDAP query against the entire subtree for authentication and authorization information. Depending on the number of AuthenticationScopes within the LDAP tree structure, this approach can have performance implications.
- If multiple servers are clustered together to form a large logical directory tree, configure the LDAPLoginModule by setting the Referral property to follow.
- If subjects have been made members of too many LDAP groups, the search for physical roles can return so many entries that the maximum result limit is reached and authentication fails. To avoid this, narrow the RoleSearchBase to only those LDAP groups that are relevant to Unwired Platform.
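The following added example (not Unwired Platform code) is a simplified in-memory model of an LDAP search with a base, a scope and a result limit, showing why a role search rooted at the top of the tree can fail while one with a narrowed RoleSearchBase succeeds. The directory entries, the `ou=sup` container, the group names, the `member` attribute and the limit of 5 are constructed assumptions.

```python
# Simplified model of LDAP search semantics; all data below is constructed.
class SizeLimitExceeded(Exception):
    """Raised when a search matches more entries than the result limit allows."""

def rdns(dn):
    # Normalise a DN so "dc=sybase, dc=com" and "dc=sybase,dc=com" compare equal.
    return [part.strip().lower() for part in dn.split(",")]

def in_scope(dn, base, scope):
    d, b = rdns(dn), rdns(base)
    if len(d) < len(b) or d[len(d) - len(b):] != b:
        return False                      # entry is not under the search base
    depth = len(d) - len(b)
    return {"base": depth == 0, "onelevel": depth == 1, "subtree": True}[scope]

def search(directory, base, scope, match, size_limit):
    hits = [dn for dn, attrs in directory.items()
            if in_scope(dn, base, scope) and match(attrs)]
    if len(hits) > size_limit:
        raise SizeLimitExceeded(f"{len(hits)} matches, limit is {size_limit}")
    return hits

def roles_for(directory, user_dn, role_search_base, size_limit):
    # Role lookup: every group under role_search_base listing the user as member.
    return search(directory, role_search_base, "subtree",
                  lambda attrs: user_dn in attrs.get("member", []), size_limit)

# Constructed directory: one user, 8 unrelated groups, 2 platform-relevant groups.
USER = "uid=jdoe,ou=people,dc=sybase,dc=com"
DIRECTORY = {USER: {}}
for i in range(8):
    DIRECTORY[f"cn=team{i},ou=groups,dc=sybase,dc=com"] = {"member": [USER]}
for name in ("SUP Admin", "SUP User"):   # hypothetical group names
    DIRECTORY[f"cn={name},ou=sup,ou=groups,dc=sybase,dc=com"] = {"member": [USER]}

def demo(size_limit=5):
    try:   # broad base: all 10 memberships match, which exceeds the limit
        broad = roles_for(DIRECTORY, USER, "dc=sybase, dc=com", size_limit)
    except SizeLimitExceeded:
        broad = None                      # modelled as an authentication failure
    narrow = roles_for(DIRECTORY, USER,
                       "ou=sup, ou=groups, dc=sybase, dc=com", size_limit)
    return broad, narrow

if __name__ == "__main__":
    print(demo())
```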