Enter / select your LDAP Settings, using the field descriptions below as a guide.

• Required fields display an asterisk ( * ) after the field name.
• Default values for fields, if available, display automatically.

This section contains information on the LDAP connection.

URL

Distinguished Name (DN) or User ID used for initial access to the LDAP server.

Bind Password

Password associated with the Bind ND or User.

Use for Authentication

If enabled, indicates that LDAP will be used for password authentication.

Allow Local Login

If the LDAP Synchronization Enabled Universal Controller system property is false, or if it is true but the Use for Authentication 63584749 field is not enabled, an administrator must explicitly specify Allow Local Login to allow local account login for users that were provisioned through LDAP synchronization.
 
This option is intended only to provide temporary access while an LDAP directory is unavailable.
 
An administrator will need to update the local account password for any LDAP-synchronized user who requires temporary local account login, as the provisioned password would be unknown.

This section contains search information.

Starting point for searching the directory. For example: dc=stonebranch,dc=com. If you do not specify a Base DN, the search starts as the root of the directory tree.

User Id Attribute

LDAP attribute for the specified User ID.
 
Options:

• sAMAccountName
• cn
• uid
• Other...

User Filter

Search filter for users.
 
If you do not specify a User Filter, the server uses (&(objectClass=user)(objectCategory=person)).

Single- or multi-level target OU's (Organizational Units) within the Base DN 63584749 directory to filter for user records.
 
For example, OU=Employees or OU=Employees,OU=Users.
 
If you do not specify one or more OU's, the entire sub-tree from the Base DN 63584749 will be searched.

Group Filter

Search filter for groups.
 
If you do not specify a Group Filter, the server uses (&(objectClass=group)(objectCategory=group)).

Single- or multi-level target OU's within the Base DN 63584749 directory to filter for group records.
 
For example, OU=Universal Controller or OU=Universal Controller,OU=Groups.
 
If you do not specify one or more OU's, the entire sub-tree from the Base DN 63584749 will be searched.

This section contains advanced information.

Connection Timeout (Seconds)

Timeout for connecting to the LDAP server.

Read Timeout (Seconds)

Timeout for reading from the LDAP server.

User Membership Attribute

LDAP attribute for the groups in which a user is a member. If you do not specify a User Membership Attribute, the LDAP server uses memberOf (see the uc.ldap.users.synchronize_indirect Universal Controller start-up property.

Group Member Attribute

LDAP attribute for the members of a group. If you do not specify a Group Member Attribute, the LDAP server uses member (see the uc.ldap.groups.update_members Universal Controller start-up property.

Login Method

Login method(s) that an LDAP-provisioned user can authenticate with by default. The default is applied only at user creation time.
 
(You can use the Ctrl key to select both methods.)
 
Options:

• Standard
• Single Sign-On

This section identifies the buttons displayed above and below the LDAP Settings that let you perform various actions.

Update

After saving the LDAP Settings to the database, click Test Connection to run a connection test.

Refresh

Refreshes any dynamic data displayed in the LDAP Settings.

This section identifies the tabs across the top of the LDAP Settings page that provide access to additional information about the LDAP Settings.

Mappings

List of User and Group columns mapped to LDAP attributes that enables you to customize how the User/Group records get populated from LDAP.