LDAP Settings
IPM supports LDAP and local users. Before an LDAP user can access IPM, you first need to configure the LDAP server settings.
Configure LDAP Server Settings
From the Settings page, click LDAP Settings to access the LDAP Settings page.
The LDAP Settings page is displayed.
Edit the following information in the LDAP Setting page:
Table 40. LDAP Settings ParametersSettings
Parameter
Definition
Connection
Name
User-defined name for the LDAP server. Required.
Hostname
IP address or hostname of the LDAP server. If digest-MD5 or cram-MD5 is being used, Hostname has to be a DNS name, not IP address. Required.
Port
LDAP port number, this field is automatically completed when the Auth Method is selected. You can override the default port after selecting the Auth Method. Required.
Search Base
Starting point for the LDAP search in the directory tree. Required.
Auth Method
Choose one of the following LDAP authentication methods: none, simple, digest-MD5, and cram-MD5. Required.
Realm
Realm is required when both MD5 and multiple domains are used. Otherwise, leave field blank. Only one realm is supported.
Username
Username, that has suitable permissions to query the LDAP server.
Password
Password for Username.
Use SSL Check box
Use SSL when this check box is checked.
Certificate File
Upload a certificate in Base64 encoding for LDAP using standard upload procedure.
Template
Template
Choose Active Directory, Generic LDAP Server, or Posix.
User Mapping
Base DN
Base DN that contains user entries. Base DN is concatenated to prefix of Search Base, for example, if Base DN "ou=people" and Search Base is "dc=vi,dc=com", the application tries to find user under "ou=people,dc=vi,dc=com".
Object Class
Default value depends on what template user selects:
For Active Directory: “sAMAccountName”, for Generic LDAP Server : “inetOrgPerson” and for Posix : “posixAccount”.
User ID Attribute
Supplies the User ID.
Real Name Attribute
Supplies the real name of the user.
Email Attribute
Supplies the email address of the user.
Group Mapping
Base DN
Base DN that contains group entries. Base DN is concatenated to prefix of Search Base, for example, if Base DN "ou=people" and Search Base is "dc=vi,dc=com", the application tries to find group under "ou=people,dc=vi,dc=com".
Object Class
Default value depends on what template user selects: for Active Directory : “group”, for generic LDAP Server : “organizationalUnit”, for Posix : “posixGroup”.
Real Name Attribute
Supplies the real name of the group.
Membership Schema
Group Membership Attribute
Attribute name of the group entity of the LDAP server that defines the users belong to it. The default value is "memberUid" for Posix, and "member" for all others.
User Membership Attribute
Attribute name of the user entity of the LDAP server that defines the groups to which it belongs. The default value is "memberOf".
Use the Authenticate button to verify the test settings.
Click the Save button to verify and save the settings.
You are returned to the Settings page.