Additional authorization requires a configured LDAP (Lightweight Directory Access Protocol) server with a complete directory structure. The DN format that identifies a site by its site alias must be specified in the SiteBuilder LDAP module configuration, and the site's password is stored in the UserPassword attribute of its LDAP record. Authorization is performed on the basis of these data. A registered site with the same site alias must also exist in the SiteBuilder database. The password stored in the SiteBuilder database is not verified when additional authorization is turned on.
Only you are able to change a User's password, and only in the LDAP data. SiteBuilder itself does not provide such an option: you can change a User's password with any LDAP client of your choice, but not with the SiteBuilder program. To avoid errors caused by password changes, Users cannot change their passwords themselves when additional authorization is turned on. The corresponding Password button, which links to the Change Password page, is missing from the SiteBuilder Wizard while additional authorization is in use.
When additional authorization is turned on, access to SiteBuilder for trial sites is also forbidden. All authorization features apply to sites only. You log in as usual.
All site data except the password is stored in SiteBuilder database. That is why it is important for the site alias in LDAP to correspond with SiteBuilder database record containing the same site alias.
When additional authorization is turned off, SiteBuilder operates as it did before additional authorization was turned on.
To configure additional authorization parameters
The host address is specified in the LDAP server host address field. You can enter several host addresses separated by spaces.
Example: myldaphost1.com 127.0.0.1.
Port number for each host can also be specified in this line. Host addresses are separated from port numbers by colon.
Example: myldaphost.1.com:8081.
If no value is entered as the LDAP server host address, the host address from the LDAP configuration file is used.
More detailed information regarding LDAP functions is provided in LDAP API documentation.
The next parameter is the LDAP server port. It is entered in the LDAP server port field. This port number is used for any host that is not given in "host:port" format. If this port number is not specified, the port number from the LDAP configuration file is used instead.
The third parameter on this screen is the LDAP distinguished name format (DN format). The DN format is required to turn on additional authorization. DN stands for Distinguished Name. It is used by the Bind function during LDAP authorization. You can use the macro %site_alias in the DN; it is replaced by the Site Alias during LDAP authorization.
Example: cn=%site_alias, dc=sitebuilder, dc=com.
Note: For site authorization, the LDAP authorization process uses a pair of parameters: Site Alias and Password. So the LDAP record for a site (identified by the specified DN) has a UserPassword attribute.
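The following is an added example, not SiteBuilder code: it shows how the host field, the port fallback and the %site_alias macro described above can be turned into bind arguments. All function names are hypothetical, and escaping the alias per RFC 4514 and rejecting an empty password are assumptions about a careful implementation, not documented SiteBuilder behaviour.

```python
# Added example: names below are hypothetical, not SiteBuilder's API.

def parse_hosts(field, default_port=None):
    """Split the space-separated host field into (host, port) pairs.

    An entry without ":port" gets default_port (the separate port field);
    None means "fall back to the LDAP configuration file".
    """
    servers = []
    for entry in field.split():
        host, sep, port = entry.partition(":")
        if not host:
            raise ValueError("empty host in %r" % entry)
        if sep:
            if not port.isdigit() or not 0 < int(port) < 65536:
                raise ValueError("bad port in %r" % entry)
            servers.append((host, int(port)))
        else:
            servers.append((host, default_port))
    return servers


def escape_dn_value(value):
    """Escape one attribute value for use inside a DN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif (ch in ',+"\\<>;=' or (i == 0 and ch in "# ")
              or (i == last and ch == " ")):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def bind_arguments(dn_format, site_alias, password):
    """Return the (dn, password) pair to hand to the LDAP simple bind."""
    if not site_alias:
        raise ValueError("site alias is empty")
    if not password:
        # A simple bind with a DN and an empty password is an
        # "unauthenticated bind" (RFC 4513) and may succeed on the server.
        raise ValueError("empty password rejected before bind")
    return dn_format.replace("%site_alias", escape_dn_value(site_alias)), password
```

An alias containing DN metacharacters stays inside the cn value after expansion, so it cannot change which LDAP record the bind targets.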