Configure the LDAP Server

Configuring LDAP is optional. If you do not have an LDAP environment, you can configure local users and groups.

Steps

  1. Click username (Administrator) > Configuration Checklist.

  2. Click Configure LDAP Server.

    The LDAP Settings page displays from the Settings tab.

  3. Enter the following information:

    | Settings | Parameter | Definition |
    |---|---|---|
    | Connection | Name | User-defined name for the LDAP server. Required. |
    | Connection | Hostname | IP address or hostname of the LDAP server. If digest-MD5 or cram-MD5 is used, Hostname must be a DNS name, not an IP address. Required. |
    | Connection | Port | LDAP port number. This field is automatically completed when the Auth Method is selected. You can override the default port after selecting the Auth Method. Required. |
    | Connection | Search Base | Starting point for the LDAP search in the directory tree. Required. |
    | Connection | Auth Method | Choose one of the following LDAP authentication methods: none, simple, digest-MD5, or cram-MD5. Required. |
    | Connection | Realm | Realm is required when both MD5 and multiple domains are used. Otherwise, leave the field blank. Only one realm is supported. |
    | Connection | Username | A user who has suitable permissions to query the LDAP server. |
    | Connection | Password | Password for Username. |
    | Connection | Use SSL check box | When this check box is checked, SSL is used to enable encrypted communication. |
    | Connection | Certificate File | If SSL is checked, upload a certificate in Base64 encoding for LDAP. |
    | Template | Template | Choose Active Directory, Generic LDAP Server, or Posix. |
    | User Mapping | Base DN | Base DN that contains user entries. Base DN is prepended to Search Base. For example, if Base DN is "ou=people" and Search Base is "dc=vi,dc=com", the application tries to find the user under "ou=people,dc=vi,dc=com". |
    | User Mapping | Object Class | The default value depends on the selected template: "user" for Active Directory, "inetOrgPerson" for Generic LDAP Server, and "posixAccount" for Posix. |
    | User Mapping | User ID Attribute | The default value depends on the selected template: "sAMAccountName" for Active Directory, "uid" for Generic LDAP Server, and "uid" for Posix. |
    | User Mapping | Real Name Attribute | The default value is "cn" for all templates. |
    | User Mapping | Email Attribute | Supplies the email address of the user. |
    | Group Mapping | Base DN | Base DN that contains group entries. Base DN is prepended to Search Base. For example, if Base DN is "ou=people" and Search Base is "dc=vi,dc=com", the application tries to find the group under "ou=people,dc=vi,dc=com". |
    | Group Mapping | Object Class | The default value depends on the selected template: "group" for Active Directory, "organizationalUnit" for Generic LDAP Server, and "posixGroup" for Posix. |
    | Group Mapping | Real Name Attribute | Supplies the real name of the group. |
    | Membership Schema | Group Membership Attribute | Attribute name of the group entity of the LDAP server that defines the users that belong to it. The default value is "memberUid" for Posix, and "member" for all others. |
    | Membership Schema | User Membership Attribute | Attribute name of the user entity of the LDAP server that defines the groups to which it belongs. The default value is "memberOf". |

  4. Click Authenticate to verify the test settings.

  5. Click Save.

    The settings are verified again when saved.
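
The following added example is not part of the product or its documentation. It pre-checks a set of values against the rules stated for the settings in step 3 and shows the user search base and filter that the mapping fields imply. The dictionary keys, the function names, and the filter shape are assumptions made for illustration.

```python
import ipaddress

# Template defaults for user entries, as listed in the settings for step 3.
TEMPLATES = {
    "Active Directory":    {"user_class": "user",          "uid_attr": "sAMAccountName"},
    "Generic LDAP Server": {"user_class": "inetOrgPerson", "uid_attr": "uid"},
    "Posix":               {"user_class": "posixAccount",  "uid_attr": "uid"},
}

def escape_filter_value(value):
    """Escape the RFC 4515 special characters in a filter assertion value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def check_settings(s):
    """Return a list of problems found in a settings dict (keys are hypothetical)."""
    problems = []
    for key in ("name", "hostname", "port", "search_base", "auth_method"):
        if not s.get(key):
            problems.append(f"{key} is required")
    # digest-MD5 and cram-MD5 need a DNS name in Hostname, not an IP address.
    if s.get("auth_method") in ("digest-MD5", "cram-MD5") and is_ip(s.get("hostname", "")):
        problems.append("hostname must be a DNS name for digest-MD5/cram-MD5")
    # A simple bind carries the password as-is, so it needs the SSL option.
    if s.get("auth_method") == "simple" and not s.get("use_ssl"):
        problems.append("simple bind without SSL sends the password unencrypted")
    if s.get("use_ssl") and not s.get("certificate_file"):
        problems.append("SSL is checked but no Base64 certificate is uploaded")
    return problems

def user_search(s, login):
    """Effective search base and filter for one user.

    The base follows the Base DN + Search Base rule; the filter shape is an
    assumption about how the object class and user ID attribute are combined.
    """
    t = TEMPLATES[s["template"]]
    base = ",".join(p for p in (s.get("user_base_dn"), s["search_base"]) if p)
    flt = "(&(objectClass=%s)(%s=%s))" % (
        t["user_class"], t["uid_attr"], escape_filter_value(login))
    return base, flt
```

Running the same search base and filter through a directory client before clicking Authenticate helps separate mapping mistakes from connection or credential problems.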