...
Step | Action
---|---
Step 1 | From the Administration navigation pane, select Configuration > LDAP Settings. The LDAP Settings page displays.
Step 2 | Enter / select your LDAP Settings, using the field descriptions below as a guide.
Step 3 | Click the Update button.
...
Note: In order to log in to the Controller using LDAP, you must set the LDAP Synchronization Enabled Universal Controller system property (Administration > Configuration > Properties in the Controller user interface) to true.
...
Field Name | Description
---|---
Connection | This section contains information on the LDAP connection.
URL | URL of the LDAP connection. For example: ... To use SSL/TLS encryption (...
Bind DN | Distinguished Name (DN) or User ID used for initial access to the LDAP server.
Bind Password | Password associated with the Bind DN or User.
Use for Authentication | If enabled, indicates that LDAP will be used for password authentication.
Allow Local Login | If the LDAP Synchronization Enabled Universal Controller system property is false, or if it is true but the Use for Authentication field is not enabled, an administrator must explicitly specify Allow Local Login to allow local account login for users that were provisioned through LDAP synchronization.
Search | This section contains search information.
Base DN | Starting point for searching the directory. For example: ...
User Id Attribute | LDAP attribute for the specified User ID.
User Filter | Search filter for users.
User Target OU List | Single- or multi-level target OUs (Organizational Units) within the Base DN directory to filter for user records.
Group Filter | Search filter for groups.
Group Target OU List | Single- or multi-level target OUs within the Base DN directory to filter for group records.
Advanced | This section contains advanced information.
Connection Timeout (Seconds) | Timeout for connecting to the LDAP server.
Read Timeout (Seconds) | Timeout for reading from the LDAP server.
User Membership Attribute | LDAP attribute for the groups in which a user is a member. If you do not specify a User Membership Attribute, the LDAP server uses memberOf (see the ...).
Group Member Attribute | LDAP attribute for the members of a group. If you do not specify a Group Member Attribute, the LDAP server uses member (see the ...).
Login Method | Login method(s) that an LDAP-provisioned user can authenticate with by default. The default is applied only at user creation time.
Buttons | This section identifies the buttons displayed above and below the LDAP Settings that let you perform various actions.
Update | Saves the LDAP Settings to the database.
Test Connection | After saving the LDAP Settings to the database, click Test Connection to run a connection test.
Refresh | Refreshes any dynamic data displayed in the LDAP Settings.
Tabs | This section identifies the tabs across the top of the LDAP Settings page that provide access to additional information about the LDAP Settings.
Mappings | List of User and Group columns mapped to LDAP attributes that enables you to customize how the User/Group records get populated from LDAP.
...
You specify the User and Group Target OUs relative to the Base DN. In this case, the Base DN would be OU=Corporate,DC=stonebranch,DC=com.
For the User Target OU List field, you would have the following entries:
OU=NorthAmerica,OU=CorporateUsers
OU=Students
For the Group Target OU List field, you would have the following entries:
...
Step | Action
---|---
1 | Do not explicitly specify a value for the Group search filter.
2 | Do not specify any target Group OUs (organizational units).
3 | Ensure that the Universal Controller Start-up Properties file (...
...
It requires setting up a truststore (keystore) and setting the following properties in the Universal Controller Start-up Properties (uc.properties) file:
You must make sure that the LDAP server's certificate exists in the truststore that is referenced by these two properties.
When these configurations have been made, use ldaps:// as the URL prefix in the URL field (see the LDAP Settings Field Descriptions).
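The following worked example, added here and not Stonebranch's own code, ties together two of the settings described above: the Target OU entries are relative to the Base DN (so the directory search actually runs against the combined DNs, using the page's OU=Corporate,DC=stonebranch,DC=com example), and the URL prefix decides whether the connection is SSL/TLS (ldaps://, which needs the truststore) or plaintext (ldap://). The User Id Attribute value (sAMAccountName), the User Filter value, the host names and the way the filter and attribute are combined into one lookup filter are assumptions for illustration, not the Controller's documented behaviour; the filter escaping follows RFC 4515.

```python
"""Sanity checks for LDAP Settings values (illustrative; standard library only)."""
from urllib.parse import urlsplit

# Constructed sample values. The Base DN and OU entries are the page's example;
# the attribute, filter and host names below are assumptions.
BASE_DN = "OU=Corporate,DC=stonebranch,DC=com"
USER_TARGET_OUS = ["OU=NorthAmerica,OU=CorporateUsers", "OU=Students"]
USER_ID_ATTRIBUTE = "sAMAccountName"     # assumption: typical Active Directory value
USER_FILTER = "(objectClass=person)"     # assumption: placeholder User Filter
SAMPLE_URLS = ["ldaps://ldap.example.com", "ldap://ldap.example.com:3268"]


def effective_search_bases(base_dn, target_ous):
    """Return the full DN of each Target OU, i.e. what the search really runs
    against. With no Target OUs the search starts at the Base DN itself."""
    if not target_ous:
        return [base_dn]
    return [f"{ou.strip()},{base_dn}" for ou in target_ous]


# RFC 4515 escapes for characters that are special inside a search filter.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value):
    """Escape a value before embedding it in a filter, so that a login name
    containing '*' or parentheses matches literally instead of changing the query."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def user_lookup_filter(user_id_attribute, user_filter, login_name):
    """Combine the configured User Filter with an equality match on the
    User Id Attribute (assumed combination, shown for illustration)."""
    match = f"({user_id_attribute}={escape_filter_value(login_name)})"
    return f"(&{user_filter}{match})" if user_filter else match


def connection_from_url(url):
    """Classify the URL field: ldaps:// means SSL/TLS and requires the
    truststore setup described above; ldap:// is a plaintext connection.
    Default ports are 636 for ldaps and 389 for ldap."""
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError(f"unsupported LDAP URL scheme: {parts.scheme!r}")
    tls = parts.scheme == "ldaps"
    port = parts.port or (636 if tls else 389)
    return {"host": parts.hostname, "port": port, "tls": tls}


if __name__ == "__main__":
    for dn in effective_search_bases(BASE_DN, USER_TARGET_OUS):
        print("search base:", dn)
    print("lookup filter:", user_lookup_filter(USER_ID_ATTRIBUTE, USER_FILTER, "jdoe"))
    for url in SAMPLE_URLS:
        info = connection_from_url(url)
        note = "TLS: server certificate must be in the truststore" if info["tls"] else "plaintext"
        print(f"{url} -> {info['host']}:{info['port']} ({note})")
```

Running the script lists the two combined search bases, the lookup filter, and flags the ldaps:// URL as the one that depends on the truststore being populated with the LDAP server's certificate.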