LDAP authentication
You can add, update, and delete LDAP authentication settings.
Add LDAP authentication settings
- Select ldap from the Auth Server Settings dropdown menu.
- Right-click in the LDAP authentication table and select Create New.
- Enter values in the relevant fields. See LDAP authentication fields.
- Select Save.
Update LDAP authentication settings
- Select ldap from the Auth Server Settings dropdown menu.
- Right-click an LDAP server and select Edit.
- Update the values that you want to change.
- Select Save.
Delete LDAP authentication settings
- Select ldap from the Auth Server Settings dropdown menu.
- Right-click an LDAP server and select Delete.
- Select Yes in the confirmation dialog box to delete the selected server.
LDAP authentication fields
The Create New LDAP Server and Edit LDAP Server dialogs contain the following fields:
Settings |
Guidelines |
---|---|
Name |
Required. The LDAP server name. |
Account Key Filter |
Account key filter, using the user principal name (UPN) as the search filter. |
Account Key Processing |
Account key processing operation, either to keep or to strip the domain string of the UPN in the token: same—Same as the UPN. strip—Strip the domain string from UPN. |
CA-Cert |
CA certificate name. |
CN ID |
Common name identifier for the LDAP server. The common name identifier for most LDAP servers is |
Distinguished Name |
Required. Distinguished name used to look up entries on the LDAP server. |
Group Filter |
The filter used for group matching. |
Group Member Check |
Group member checking methods: user-attr—User attribute checking. group-object—Group object checking. posix-group-object—POSIX group object checking. |
Group Object Filter |
The filter used for group searching. |
Group Search Base |
The search base used for group searching. |
Member Attribute |
The name of the attribute from which to get group membership. |
Password |
The password for initial binding. |
Enable Password Expiry Warning |
Enable or disable warnings before the password expires. |
Password Renewal |
Enable or disable online password renewal. |
Port |
The port to be used for communication with the LDAP server. The default is 389. |
Secondary Server |
The CN domain name or IP address of the secondary LDAP server. |
Secure |
The security protocol to be used for authentication: starttls—Use StartTLS. disable—No SSL. ldaps—Use LDAPS. |
Server |
Required. The CN domain name or IP address of the LDAP server. |
Server Identity Check |
Enable or disable whether the server identity is checked. |
IP |
The source IPv4 address for communications to LDAP server. |
SSL_MIN_Protocol Version |
The minimum supported protocol version for SSL/TLS connections. SSLv3—SSLv3. default—Follow system global setting. TLSv1—TLSv1. TLSv1-2—TLSv1.2. |
Tertiary Server |
The CN domain name or IP address of the tertiary LDAP server. |
Type |
Authentication type for LDAP searches: anonymous—Bind using anonymous user search. simple—Simple password authentication without search. regular—Bind using user name and password and then search. |
Username |
User name (full DN) for initial binding. |