Configuring LDAP authentication

Use the pages of the LDAP configuration wizard to configure authentication.

  1. On the LDAP configuration wizard Add LDAP Servers page, specify the host and manager credentials.

    • Host - Enter the host name or IP address of an Active Directory global catalog server (for Active Directory authentication) or an LDAP server (for other LDAP server types).
    • Port - Optionally, change the server port number. By default, the port number is 389.
    • SSL - Choose this option if you are using SSL. When you choose this option, the default port number adjusts to 636.
    • Skip cert verification? - If you are using a self-signed certificate, choose this check box to skip its verification. Requires OpenLDAP 2.4 or later.

  2. Optional: To add another LDAP server, click Add Server. To remove a server from the list, click Remove.
  3. In the Manager Credentials area, provide the following information:

    • Server Type
    • Manager DN - Enter the distinguished name of a manager user in the domain administrators group. For example, the user's base DN:

      cn=admin,cn=users,dc=example,dc=com

    • Manager Password

  4. To ensure that your setup is valid, click Validate.
  5. Click Next.
  6. On the Configure LDAP Plugin page, the configuration ID field is populated with the host name that you provided. Specify user and group information.

    • Login Name Attribute - Choose the LDAP record attribute that is used as the user name. To add attributes, use the Mappings page of the LDAP configuration area (ADVANCED > LDAP).
    • Users Base DN - For example, if your domain is ad.example.com, then your users base DN might be:

      dc=Users,dc=example,dc=com

    • Groups Base DN
    • User Filter and Group Filter - Using correct LDAP search filter syntax, specify free-form LDAP filter expressions to be added to the default user and the default group search filters. The default search filters and the additional search filters are combined as an AND expression. For the searches to return a record, the record must satisfy both filters.
    • Default User Roles - From the drop-down list, select roles to be given to all users that are authenticated from your LDAP tree. Zope expects all users, anonymous and authenticated, to have the role Anonymous.

  7. Click Next.
  8. On the Map LDAP Groups to Local Groups page, provide group and role information.

    • Map LDAP Groups to Roles? - Choose this option if you want to control user roles within the Resource Manager browser interface by using Active Directory groups, instead of controlling the roles directly from within the system. Add the following groups to LDAP:
      • Resource Manager Managers
      • Resource Manager Users
    • Group - Choose the LDAP group to map to a Resource Manager role.
    • Role - Choose the Resource Manager role to map to the LDAP group.
    • To map another group, click Add Group Mapping. To remove a mapped group, click Remove.

  9. Click Finish.

After setup, you can edit LDAP configuration settings from the Settings, Configuration Options, and Mappings tabs.
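
The User Filter and Group Filter fields are combined with the default search filters as an AND expression. The following added example (not Resource Manager's own code) shows that composition in RFC 4515 syntax, rejects an additional filter that is not a single parenthesised expression, and escapes the login value so that characters such as * or ( cannot alter the search. The function names, the default filter (objectClass=person) and the group DN are assumptions made for illustration.

```python
# Added example: how a default filter and an additional User Filter combine.
# Characters RFC 4515 requires to be escaped inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_value(value):
    """Escape a value such as a login name before placing it in a filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def is_single_filter(expr):
    """Structural check: expr is exactly one parenthesised filter."""
    if len(expr) < 3 or not (expr.startswith("(") and expr.endswith(")")):
        return False
    depth, i = 0, 0
    while i < len(expr):
        ch = expr[i]
        if ch == "\\":  # skip an escaped pair such as \28
            i += 3
            continue
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            # Reaching depth 0 early means two filters side by side.
            if depth == 0 and i != len(expr) - 1:
                return False
        i += 1
    return depth == 0


def combine(default_filter, extra_filter=""):
    """AND the default filter with an optional additional filter."""
    extra_filter = extra_filter.strip()
    if not extra_filter:
        return default_filter
    if not is_single_filter(extra_filter):
        raise ValueError("additional filter must be one parenthesised expression")
    return "(&%s%s)" % (default_filter, extra_filter)


def user_search_filter(login_attr, login, extra_filter=""):
    # Assumed default filter; the page does not state the product's own.
    default = "(&(objectClass=person)(%s=%s))" % (login_attr, escape_value(login))
    return combine(default, extra_filter)


if __name__ == "__main__":
    extra = "(memberOf=cn=Resource Manager Users,dc=example,dc=com)"  # constructed
    print(user_search_filter("sAMAccountName", "jdoe", extra))
```

Because the two filters are ANDed, an additional filter can only narrow the set of records that the default filter returns.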