LDAP Authentication / Lookup
Since UniTime 3.4, we use Spring Security to provide authentication and authorization. The process is the same, but there are different properties to set. First of all, if the LDAP server is accessed through SSL, the SSL layer needs to be set up using the javax.net.ssl Java system variables. Typically, the following properties need to be added to Tomcat/conf/catalina.properties file:
Besides of that, the LDAP server can be configured using the following custom properties. These properties are needed during the UniTime startup, so they need to be added in Tomcat/conf/catalina.properties or in a UniTime custom properties file (setting them using the Application Configuration will not do, see UniTime Installation: Customization for more details).
LDAP can also be used for people lookup (as one of the sources, besides instructors, staff, students, timetabling managers, and event contacts). To set LDAP lookup, you need to use the following properties:
See PeopleLookupBackend#findPeopleFromLdap for the implementation.
Moreover, it is expected that the LDAP lookup only returns usernames (attribute uid, not the actual external ids). If external ids are different from usernames, there is a class (SpringLdapExternalUidTranslation) that provides translation between these two.
The above one is using the LDAP authentication module to translate usernames (uid attribute) into external ids (extid attribute).
Timetable Managers / Instructors Validation
There is also a possibility to use LDAP to validate timetable mangers and instructors.
If enabled, the interface (SpringLdapExternalUidLookup) is used to validate (and/or translate) the entered username / external id. The above implementation also uses the LDAP authentication module (with a query provided in the tmtbl.authenticate.ldap.identify property).
Using some LDAP explorer (e.g., JXplorer, http://jxplorer.org/) may help you to find out all the settings (e.g., what certificates you need, or how the query should look like) in a more interactive way.