Add UID as authentication attribute in Sametime 12

In older versions of Sametime one could add the attribute "uid" to the authentication parameters by simply adding it to the "Search filter to use when resolving a user name to a distinguished name" field of the LDAPServer configuration in stconfig.nsf.

In WebSphere-based versions with the Sametime console you could add the uid attribute to the "authentication attributes" (German screenshot below):

So there had always been two different search strings, one for searching users and one for authenticating users...

In Sametime 12 I only find one of these:

And changing it does not allow users to log in with their short name (uid property).

Is there a setting in addition to "LDAP_PERSON_RESOLVE_FILTER_ENV" that can be used to set the attributes used for authentication?

Hi Torsten,


I believe the setting you are looking for is in the community container in the StCommunityConfig.xml

https://opensource.hcltechsw.com/sametime-doc/v1202/admin/configuring_ldap.html

Look in the above URL for UserDnSearchFilter.

You can override the default setting by copying the file out of the container, then modify it, then you can copy it back in. The steps for this are in this other help topic, which outlines how to get a file in and out of the container on Docker. You can ignore steps 6-8.

https://opensource.hcltechsw.com/sametime-doc/v1202/admin/configuring_ldap_multiple_docker.html

Thanks,

Casey

Thank you very much for this approach. I'll nevertheless go with Tony's approach as it seems to be "closer to standard behaviour".

Hey Torsten -

You can set LDAP_USER_DN_SEARCH_FILTER_ENV in custom.env with the appropriate filter.

Thank you very much for the name of this variable.

Would be very cool if all possible variables could be added to the documentation, so that when I google "Sametime LDAP_PERSON_RESOLVE_FILTER_ENV" then I could automatically find this option as well.

Just for my understanding: Is it correct that StCommunityConfig.xml within the container is built automatically from the input in custom.env?

That would mean that I would lose all customizations from custom.env regarding that file if I would follow the advice of Casey as the file would be overwritten by the volume after it had been generated from custom.env?

Hi Torsten -

There is a documentation task to get these documented.

You are correct that overriding it with the volume takes precedence over anything you might add to custom.env (pertaining to StCommunityConfig.xml). Keep in mind that the values in custom.env also apply to UserInfoConfig.xml as well.

Thank you very much for confirming. I would really love to get a complete list of parameters as I also have customizations in UserInfoConfig.xml that I currently assign using the volume approach and I'd really like to do this all with "default configuration" instead of editing XML files.

I'll likely regret doing this :D


If you shell into the Community container - you can "cat" the ststart file - its job, among other things, is to read the various environment variables and push them into the configuration file(s).

You see output of this at the top of the community log telling you what is/isn't set.

Perhaps that helps?

Great information, thank you. Don't worry, I won't tell anybody else ;)

I just checked: Unfortunately I cannot use this for my UserInfoConfig.xml customization as I use multi-values for some attributes:

<Detail Id="Name" FieldName="givenname,sn,nameAbbreviation" Type="text/plain" DisplaySeparator=" "/>

<Detail Id="Telephone" FieldName="telephoneNumber,mobile" Type="text/plain" DisplaySeparator=" / "/>

So I'd need some more env-variables like

USER_INFO_PHOTO_ATTR_SEPARATOR

and then something like:

# bash: [[ -v NAME ]] is true when the variable is set (even if empty)
if [[ ! -v USER_INFO_PHOTO_ATTR ]]; then
        echo "USER_INFO_PHOTO_ATTR is NOT set"
elif [[ ! -z "${USER_INFO_PHOTO_ATTR}" ]]; then
        if [[ ! -v USER_INFO_PHOTO_ATTR_SEPARATOR ]]; then
                echo "USER_INFO_PHOTO_ATTR_SEPARATOR is NOT set"
                sed -i '/<Detail.* Id="Photo".*FieldName=/s/FieldName="[^"]*"/FieldName="'"$USER_INFO_PHOTO_ATTR"'"/' /local/notesdata/UserInfoConfig.xml
        elif [[ ! -z "${USER_INFO_PHOTO_ATTR_SEPARATOR}" ]]; then
                echo " USER_INFO_PHOTO_ATTR_SEPARATOR[${USER_INFO_PHOTO_ATTR_SEPARATOR}] "
                sed -i 'FILL IN THE RIGHT REGEX HERE ;)' /local/notesdata/UserInfoConfig.xml
        fi
fi
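
One way to write the sed step left open in the post above, as an added example (not part of the thread and not HCL's ststart script). The function names and the sample XML wrapper are assumptions; the value is XML-escaped and sed-escaped first, so a separator such as " / " or a value containing `&`, `|` or `"` cannot break or rewrite the sed expression.

```shell
# Added example, not HCL's ststart script. All function names are hypothetical.

# Escape a value for an XML attribute, so it cannot close the quote or the tag.
xml_escape_attr() {
    printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' -e 's/"/\&quot;/g'
}

# Escape for the replacement side of sed's s|re|repl|: backslash, "&" and "|" are special.
sed_escape_repl() {
    printf '%s' "$1" | sed -e 's/[\\&|]/\\&/g'
}

# set_detail_attr FILE ID ATTR VALUE: set an attribute already present on the <Detail Id="ID"> line.
set_detail_attr() {
    sda_file=$1 sda_id=$2 sda_attr=$3 sda_value=$4
    # ID and ATTR end up inside the sed pattern: allow plain names only.
    case $sda_id$sda_attr in
        ''|*[!A-Za-z0-9_]*) echo "set_detail_attr: bad Id/attribute name" >&2; return 2 ;;
    esac
    # A newline in the value would terminate the sed command early.
    case $sda_value in
        *"
"*) echo "set_detail_attr: newline in value" >&2; return 2 ;;
    esac
    sda_repl=$(sed_escape_repl "$(xml_escape_attr "$sda_value")")
    sda_tmp=$(mktemp) || return 1
    # Edit via a temp file, then copy back so the target keeps its inode and permissions.
    sed -e "/<Detail[^>]* Id=\"$sda_id\"/s|\\( $sda_attr=\"\\)[^\"]*\"|\\1$sda_repl\"|" \
        "$sda_file" >"$sda_tmp" && cat "$sda_tmp" >"$sda_file"
    sda_rc=$?; rm -f "$sda_tmp"; return "$sda_rc"
}

# Constructed sample: two Detail lines in a made-up wrapper element.
demo() {
    demo_f=$(mktemp) || return 1
    cat >"$demo_f" <<'EOF'
<Sample>
  <Detail Id="Name" FieldName="cn" Type="text/plain" DisplaySeparator=" "/>
  <Detail Id="Telephone" FieldName="telephoneNumber" Type="text/plain" DisplaySeparator=" "/>
</Sample>
EOF
    set_detail_attr "$demo_f" Telephone FieldName 'telephoneNumber,mobile' &&
    set_detail_attr "$demo_f" Telephone DisplaySeparator ' / ' &&
    set_detail_attr "$demo_f" Name FieldName 'a&b|c\1"x'   # hostile value stays inert
    cat "$demo_f"; rm -f "$demo_f"
}

demo
```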