
LDAP Settings

IPM supports LDAP and local users. Before an LDAP user can access IPM, you first need to configure the LDAP server settings.

Configure LDAP Server Settings

  1. From the Settings page, click LDAP Settings to access the LDAP Settings page.

    The LDAP Settings page is displayed.

  2. Edit the following information on the LDAP Settings page:

    Table 36. LDAP Settings Parameters

    | Settings | Parameter | Definition |
    |---|---|---|
    | Connection | Name | User-defined name for the LDAP server. Required. |
    | | Hostname | IP address or hostname of the LDAP server. If digest-MD5 or cram-MD5 is used, Hostname must be a DNS name, not an IP address. Required. |
    | | Port | LDAP port number. This field is completed automatically when the Auth Method is selected. You can override the default port after selecting the Auth Method. Required. |
    | | Search Base | Starting point for the LDAP search in the directory tree. Required. |
    | | Auth Method | Choose one of the following LDAP authentication methods: none, simple, digest-MD5, or cram-MD5. Required. |
    | | Realm | Realm is required when both MD5 and multiple domains are used. Otherwise, leave the field blank. Only one realm is supported. |
    | | Username | Username that has suitable permissions to query the LDAP server. |
    | | Password | Password for Username. |
    | | Use SSL check box | SSL is used when this check box is checked. |
    | | Certificate File | Upload a certificate in Base64 encoding for LDAP using the standard upload procedure. |
    | Template | Template | Choose Active Directory, Generic LDAP Server, or Posix. |
    | User Mapping | Base DN | Base DN that contains user entries. Base DN is prefixed to Search Base. For example, if Base DN is "ou=people" and Search Base is "dc=vi,dc=com", the application tries to find users under "ou=people,dc=vi,dc=com". |
    | | Object Class | Default value depends on the template selected: "sAMAccountName" for Active Directory, "inetOrgPerson" for Generic LDAP Server, and "posixAccount" for Posix. |
    | | User ID Attribute | Supplies the User ID. |
    | | Real Name Attribute | Supplies the real name of the user. |
    | | Email Attribute | Supplies the email address of the user. |
    | Group Mapping | Base DN | Base DN that contains group entries. Base DN is prefixed to Search Base. For example, if Base DN is "ou=people" and Search Base is "dc=vi,dc=com", the application tries to find groups under "ou=people,dc=vi,dc=com". |
    | | Object Class | Default value depends on the template selected: "group" for Active Directory, "organizationalUnit" for Generic LDAP Server, and "posixGroup" for Posix. |
    | | Real Name Attribute | Supplies the real name of the group. |
    | Membership Schema | Group Membership Attribute | Attribute name on the group entry of the LDAP server that defines the users that belong to the group. The default value is "memberUid" for Posix, and "member" for all others. |
    | | User Membership Attribute | Attribute name on the user entry of the LDAP server that defines the groups to which the user belongs. The default value is "memberOf". |



  3. Click the Authenticate button to test the settings.

  4. Click the Save button to verify and save the settings.

    You are returned to the Settings page.
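
The rules in the parameter definitions above (required fields, the DNS-name requirement for the MD5 methods, the Realm rule, Base DN prefixed to Search Base, and the per-template defaults) can be checked before the settings are entered. The following Python is an added example, not part of IPM; the dictionary key names are hypothetical, and the cleartext finding for a simple bind without SSL is an added caveat rather than a rule from this page.

```python
import ipaddress

# Template defaults as listed in the parameter definitions above.
TEMPLATE_DEFAULTS = {
    "Active Directory": ("sAMAccountName", "group", "member"),
    "Generic LDAP Server": ("inetOrgPerson", "organizationalUnit", "member"),
    "Posix": ("posixAccount", "posixGroup", "memberUid"),
}
REQUIRED = ("name", "hostname", "port", "search_base", "auth_method")
MD5_METHODS = {"digest-MD5", "cram-MD5"}

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def effective_dn(base_dn, search_base):
    """Base DN is prefixed to Search Base, e.g. ou=people + dc=vi,dc=com."""
    return ",".join(p.strip() for p in (base_dn, search_base) if p and p.strip())

def check_settings(cfg):
    """Return findings for a settings dict (key names are hypothetical)."""
    findings = [f"missing required field: {k}" for k in REQUIRED if not cfg.get(k)]
    method = cfg.get("auth_method")
    if method in MD5_METHODS and is_ip(cfg.get("hostname") or ""):
        findings.append(f"{method} requires a DNS name in Hostname, not an IP address")
    if method not in MD5_METHODS and cfg.get("realm"):
        findings.append("Realm should be blank unless an MD5 method is used")
    # Added caveat, not from the page: a simple bind is only protected by SSL.
    if method == "simple" and not cfg.get("use_ssl"):
        findings.append("simple bind without SSL sends the password in cleartext")
    return findings

def resolve(cfg):
    """Fill template defaults and compute the DNs that will be searched."""
    user_cls, group_cls, member_attr = TEMPLATE_DEFAULTS[cfg["template"]]
    return {
        "user_search_dn": effective_dn(cfg.get("user_base_dn"), cfg["search_base"]),
        "group_search_dn": effective_dn(cfg.get("group_base_dn"), cfg["search_base"]),
        "user_object_class": cfg.get("user_object_class") or user_cls,
        "group_object_class": cfg.get("group_object_class") or group_cls,
        "group_membership_attr": cfg.get("group_membership_attr") or member_attr,
    }

SAMPLE = {  # constructed sample; 192.0.2.10 is a documentation address
    "name": "corp-ldap", "hostname": "192.0.2.10", "port": 389,
    "search_base": "dc=vi,dc=com", "auth_method": "digest-MD5",
    "template": "Posix", "user_base_dn": "ou=people"}
```

`check_settings(SAMPLE)` reports the IP-address hostname used with digest-MD5, and `resolve(SAMPLE)` shows the DNs and attribute names that the user and group lookups would use.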