
LDAP Authentication

With this login type an LDAP server will be used for authentication. The list of URLs represents connections to the same replicated LDAP environment on different servers. The list is checked from top to bottom if a server is not accessible, e.g. due to updates.

If the list is left empty, LDAP servers will be searched in the DNS of the current domain using the keys _ldap._tcp.<domain> and _ldaps._tcp.<domain>.

Sample login URLs look like: ldap://MyLdapServer:389/ or ldaps://MyLdapServer:636/ (with SSL).

The authentication provider supports both Active Directory LDAP and OpenLDAP v3 backends. An AD backend automatically authenticates users, while OpenLDAP requires the following filter:

# OpenLDAP user search filter
(&(objectClass=person)(uid=<username>))

User groups are determined using the memberOf and primaryGroupId attributes of a user, meaning that the groups of a user will only be determined after the user has successfully authenticated. The search query for the user, which is used to load the available roles, includes a filter for AD as well:

# AD / OpenLDAP user search filter for determining groups
(|(&(objectCategory=person)(sAMAccountName=<username>))(&(objectClass=person)(uid=<username>)))
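
The following added example (not i-net PDFC code; the page does not show how the product substitutes the username) fills the <username> placeholder of the two filters above with RFC 4515 escaping, so that characters such as * or parentheses in a login name are matched literally and cannot change the filter structure. The function names and the sample login names are assumptions made for illustration.

```python
# Added example, not product code: fill the <username> placeholder of the
# page's search filters with RFC 4515 escaping applied to the login name.

# RFC 4515 section 3: these characters must be written as \XX inside a value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# The two filter templates shown on the page.
OPENLDAP_USER_FILTER = "(&(objectClass=person)(uid=<username>))"
GROUP_LOOKUP_FILTER = (
    "(|(&(objectCategory=person)(sAMAccountName=<username>))"
    "(&(objectClass=person)(uid=<username>)))"
)


def escape_filter_value(value: str) -> str:
    """Escape a string for use as an assertion value in an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def fill_filter(template: str, username: str) -> str:
    """Replace every <username> placeholder with the escaped login name."""
    if not username:
        raise ValueError("empty username")
    return template.replace("<username>", escape_filter_value(username))


def is_balanced(ldap_filter: str) -> bool:
    """Check that the literal parentheses of a filter are properly nested."""
    depth = 0
    for ch in ldap_filter:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
    return depth == 0


if __name__ == "__main__":
    # Constructed login names: plain, with filter metacharacters, domain-prefixed.
    for name in ("jdoe", "smith (ext)*", "MYDOMAIN\\jdoe"):
        print(fill_filter(GROUP_LOOKUP_FILTER, name))
```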

Default Domain

The Default Domain is used in Windows environments to prefix the username during authentication in the form <WINDOWS DOMAIN NAME>\<username>. It allows users to log in to a Windows domain without prefixing the username with that domain.

Note: The domain should usually be specified as a Windows 2000 variant. The specific value can be found in the Active Directory in a user's settings.

  • Default value: empty

Bind User / Bind Password

The Bind User and Bind Password are an advanced option and may be required to search for user entries in an AD / OpenLDAP environment that does not allow anonymous binding. The Bind User has to be given in DN notation, e.g. cn=service,dc=mydomain,dc=local.

  • Default value: empty (anonymous authentication)

Base DN

The Base DN is an advanced option that sets the distinguished name to be used as the search base for users and groups.

  • Default value: empty (will be determined automatically)

User RDN

The User RDN is an advanced option that sets a distinguished name, relative to the Base DN, to be used as the search base for users.

  • Default value: empty (Base DN is used)

Groups RDN

The Groups RDN is an advanced option that sets a distinguished name, relative to the Base DN, to be used as the search base for groups.

  • Default value: empty (Base DN is used)