NIH | National Cancer Institute | NCI Wiki  

...

When installing OpenLDAP on Ubuntu (Desktop version), all LDAP functions worked without any issues. Any LDAP client can access the remote LDAP server.

NBIA LDAP Settings

...

  1. In nbia.properties (Tomcat7.0/lib/nbia.properties), ldap.user and ldap.pass must be the administrator credentials of the LDAP server. Modify nbia.properties as follows.

    Code Block
    authentication.type=ldap-auth
    
    ldap.url=ldap://<ip address>:<port number>
    ldap.basedn=dc=<org name>,dc=org
    ldap.user=CN=admin,dc=<org name>,dc=org
    ldap.pass=<password>
    
    ldap.memberOf.attribute.name=isMemberOf
    ldap.mail.attribute.name=mail
    ldap.group.ignore.list=PwmAdmins,devTeam,nlst,testGroup
    public.collection.access.group.name=General User
    product.variation=NBIA
    

...

  1. Modify jaas.conf (Tomcat7.0/conf/jaas.conf) as follows:

    Code Block
    NCIA
    {
    gov.nih.nci.security.authentication.loginmodules.LDAPLoginModule Required
    ldapHost="ldap://<ip address>:<port number>"
    ldapSearchableBase="dc=<org name>,dc=org"
    ldapUserIdLabel="cn"
    ldapAdminUserName="CN=admin,dc=<org name>,dc=org"
    ldapAdminPassword="<password>";
    };


    The jaas.conf file is generated during NBIA installation. The default ldapUserIdLabel is cn, which means the LDAP server searches the cn attribute and compares its value to the login username. If the username exists in the LDAP server, the LDAP server authenticates the user.

    Some LDAP servers store the login username in another attribute, such as uid. In this case, change the ldapUserIdLabel value to uid. For example, ldapUserIdLabel="uid"

  2. Restart Tomcat for the change to take effect.
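
nbia.properties and jaas.conf above repeat the same LDAP URL, base DN and administrator credentials, so a change made in only one file breaks logins. The following check is an added example, not part of NBIA; the function names and sample values are constructed for illustration. It compares the paired settings without printing their values and flags a plain ldap:// URL.

```python
import re

# (nbia.properties key, jaas.conf option) pairs that must carry the same value.
PAIRS = [("ldap.url", "ldapHost"), ("ldap.basedn", "ldapSearchableBase"),
         ("ldap.user", "ldapAdminUserName"), ("ldap.pass", "ldapAdminPassword")]
# Constructed sample inputs (documentation IP and placeholder passwords).
SAMPLE_PROPERTIES = """\
ldap.url=ldap://192.0.2.10:389
ldap.basedn=dc=example,dc=org
ldap.user=CN=admin,dc=example,dc=org
ldap.pass=PLACEHOLDER-1
"""
SAMPLE_JAAS = """\
NCIA {
gov.nih.nci.security.authentication.loginmodules.LDAPLoginModule Required
ldapHost="ldap://192.0.2.10:389"
ldapSearchableBase="dc=example,dc=org"
ldapUserIdLabel="cn"
ldapAdminUserName="CN=admin,dc=example,dc=org"
ldapAdminPassword="PLACEHOLDER-2";
};
"""

def parse_properties(text):
    """Parse key=value lines, splitting on the first '=' only (DNs contain '=')."""
    props = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith(("#", "!")):
            props[key.strip()] = value.strip()
    return props

def parse_jaas_options(text):
    """Collect name="value" options from a JAAS login module entry."""
    return dict(re.findall(r'(\w+)\s*=\s*"([^"]*)"', text))

def check_ldap_config(properties_text, jaas_text):
    """Return findings; an empty list means the files agree and the URL is not ldap://."""
    props, jaas = parse_properties(properties_text), parse_jaas_options(jaas_text)
    findings = []
    for prop_key, jaas_key in PAIRS:
        p, j = props.get(prop_key), jaas.get(jaas_key)
        if p is None or j is None:
            findings.append("missing: " + (prop_key if p is None else jaas_key))
        elif p != j:  # exact string comparison; values are never echoed
            findings.append(f"mismatch: {prop_key} vs {jaas_key}")
    if props.get("ldap.url", "").lower().startswith("ldap://"):
        findings.append("cleartext: ldap:// bind is unencrypted unless StartTLS is used")
    return findings
```

On the constructed samples, `check_ldap_config(SAMPLE_PROPERTIES, SAMPLE_JAAS)` reports the password mismatch and the ldap:// URL.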