...
You can set up Universal Controller to use LDAP authentication for:
...
Step 1 | From the Administration navigation pane, select Configuration > LDAP Settings. The LDAP Settings page displays. |
---|---|
Step 2 | Enter / select your LDAP Settings, using the field descriptions below as a guide. |
Step 3 | Click the button. |
...
Field Name | Description |
---|---|
Connection | This section contains information on the LDAP connection. |
URL | URL of the LDAP connection. For example: To use SSL/TLS encryption ( |
| Distinguished Name (DN) or User ID used for initial access to the LDAP server. |
Bind Password | Password associated with the Bind DN or User. |
Use for Authentication | If enabled, indicates that LDAP will be used for password authentication. |
Allow Local Login | If the LDAP Synchronization Enabled Universal Controller system property is false, or if it is true but the Use for Authentication field is not enabled, an administrator must explicitly specify Allow Local Login to allow local account login for users that were provisioned through LDAP synchronization. |
Search | This section contains search information. |
| Starting point for searching the directory. For example: |
User Id Attribute | LDAP attribute for the specified User ID. |
User Filter | Search filter for users. |
User Target OU List | Single- or multi-level target OUs (Organizational Units) within the Base DN directory to filter for user records. |
Group Filter | Search filter for groups. |
Group Target OU List | Single- or multi-level target OUs within the Base DN directory to filter for group records. |
Advanced | This section contains advanced information. |
Connection Timeout (Seconds) | Timeout for connecting to the LDAP server. |
Read Timeout (Seconds) | Timeout for reading from the LDAP server. |
User Membership Attribute | LDAP attribute for the groups in which a user is a member. If you do not specify a User Membership Attribute, the LDAP server uses memberOf (see the |
Group Member Attribute | LDAP attribute for the members of a group. If you do not specify a Group Member Attribute, the LDAP server uses member (see the |
Login Method | Login method(s) that an LDAP-provisioned user can authenticate with by default. The default is applied only at user creation time. |
Buttons | This section identifies the buttons displayed above and below the LDAP Settings that let you perform various actions. |
Update | |
| After saving the LDAP Settings to the database, click Test Connection to run a connection test. |
Refresh | Refreshes any dynamic data displayed in the LDAP Settings. |
Tabs | This section identifies the tabs across the top of the LDAP Settings page that provide access to additional information about the LDAP Settings. |
Mappings | List of User and Group columns mapped to LDAP attributes that enables you to customize how the User/Group records get populated from LDAP. |
...
You specify the User and Group Target OUs relative to the Base DN. In this case, the Base DN would be OU=Corporate,DC=stonebranch,DC=com.
For the User Target OU List LDAP Settings field, you would have the following entries:
OU=NorthAmerica,OU=CorporateUsers |
OU=Students |
For the Group Target OU List LDAP Settings field, you would have the following entries:
...
Once LDAP configuration has been completed, you can utilize the LDAP Refresh server operation to verify your configuration.
...
When these configurations have been made, use ldaps:// for the URL prefix (see LDAP Settings Field Descriptions).
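The Target OU composition and the ldaps:// URL prefix described above, as an added example (not Stonebranch code): it builds the absolute search bases from the page's Base DN and User Target OU entries, tests whether a directory entry falls inside them, and checks the URL scheme. The entry DNs and host name are constructed, and case-insensitive RDN comparison is an assumption of this sketch.

```python
import re
from urllib.parse import urlsplit

# Values taken from the page's example.
BASE_DN = "OU=Corporate,DC=stonebranch,DC=com"
USER_TARGET_OUS = ["OU=NorthAmerica,OU=CorporateUsers", "OU=Students"]

# Split on commas that are not backslash-escaped (RFC 4514 style escaping).
# Simplification: a value ending in an escaped backslash is not handled.
_RDN_SPLIT = re.compile(r"(?<!\\),")


def normalize_dn(dn):
    """Return the DN as a tuple of trimmed, lower-cased RDNs (assumed case-insensitive)."""
    return tuple(p.strip().lower() for p in _RDN_SPLIT.split(dn) if p.strip())


def search_bases(base_dn, target_ous):
    """Absolute search bases: each relative Target OU prepended to the Base DN."""
    return [f"{ou},{base_dn}" for ou in target_ous]


def in_scope(entry_dn, base_dn, target_ous):
    """True if entry_dn lies strictly below one of the composed search bases."""
    entry = normalize_dn(entry_dn)
    for base in search_bases(base_dn, target_ous):
        suffix = normalize_dn(base)
        if len(entry) > len(suffix) and entry[-len(suffix):] == suffix:
            return True
    return False


def url_uses_ldaps(url):
    """True only for ldaps:// URLs; plain ldap:// is not wrapped in TLS."""
    return urlsplit(url).scheme.lower() == "ldaps"


if __name__ == "__main__":
    # Constructed entries for illustration; they are not from the page.
    samples = [
        "CN=Ada Example,OU=Sales,OU=NorthAmerica,OU=CorporateUsers," + BASE_DN,
        "CN=Bob Example,OU=Europe,OU=CorporateUsers," + BASE_DN,
        r"cn=Doe\, Jane,ou=students,ou=corporate,dc=stonebranch,dc=com",
    ]
    for dn in samples:
        print(in_scope(dn, BASE_DN, USER_TARGET_OUS), dn)
    print(url_uses_ldaps("ldap://ldap.example.com:389"))  # constructed host name
```

Running it against accounts you expect to synchronize shows quickly whether a Target OU entry was typed as an absolute DN by mistake, since the composed search base then no longer matches any entry.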