LDAP Authentication

 Top  Previous  Next

To enable LDAP authentication

1.Select Administration in the main menu of the Control Center.

2.Select Authentication in the control menu.

3.In the opened window, select LDAP authentication section.

4.Set the Use LDAP authentication flag.

5.Click Save.

6.Restart the Server to apply changes.

You can configure authentication using LDAP protocol at any LDAP server. Also you can use this mechanism to configure the Server under UNIX system-based OS for authentication in Active Directory on a domain controller.

Settings of LDAP authentication are stored in the auth-ldap.xml configuration file.

General xml attributes are described in the Appendices document, in the Appendix C2 section.

Unlike to Active Directory, this mechanism can be configures to any LDAP scheme. By default Server attributes are used as they were defined for Active Directory.

LDAP authentication process can be presented as the following:

1.LDAP server address is specified via the Control Center or xml configuration file.

2.For the specified user name, the following actions are performed:

Translation of name to the DN (Distinguished Name) using DOS-like masks (with * symbol), if rules are specified.

Translation of name to the DN using regular expressions, if rules are specified.

Custom script for translation of name to the DN is used, if it is specified in settings.

If matches in translation rules are not found, specified name is used as it is.

Format of user names specifying is not predefined and not fixed—it can be any as it is accepted in the company, i.e. forced modification of LDAP scheme is not demanded. Translation according given scheme is performed using rules of translation of names to LDAP DN.

3.After translation, like for the Active Directory, attempt of the user registration at the specified LDAP server using determined DN and specified password is performed.

4.After this, like for the Active Directory, LDAP object attributes are read for the determined DN. Attributes and their possible values can be redefined in the configuration file.

5.If undefined values of administrator attributes are found, and inheriting is specified (in the configuration file), the search of needed attributes in the user groups is the same as in the Active Directory.