Configuring LDAP Authentication

You can configure LDAP authentication at initial setup, or from the Settings area of the interface:

  • While in the setup wizard, at Step 2: Specify or Discover Devices to Monitor, click LDAP Setup (located at the bottom right of the wizard panel).
  • From the interface, select ADVANCED > LDAP and click the Add icon.

The first panel (Add LDAP Servers) of the LDAP Configuration wizard appears.

Figure 31. LDAP Configuration Wizard (Add LDAP Servers)
  1. Enter information and make selections:
    • Host- Enter the host name or IP address of an Active Directory global catalog server (for Active Directory authentication) or the host name or IP address of an LDAP server (for Other LDAP server types).
    • Port- Optionally, change the server port number. By default, the port number is 389.
    • SSL- Select if using SSL. When you select this option, the default port number adjusts to 636.
    • Skip cert verification?- If you are using a self-signed certificate, select this check box to skip its verification. Requires OpenLDAP 2.4 or higher.
  2. Optionally, click Add Server to add another LDAP server. To remove a server from the list, click Remove.
  3. Enter information and make selections in the Manager Credentials area:
    • Server Type- Select a server type (Active Directory or Other LDAP).
    • Manager DN- Enter the distinguished name of a user in the domain administrators group. An example that follows the user's base DN is:
      cn=admin,cn=users,dc=example,dc=com
    • Manager Password- Enter the password for the Manager DN.
  4. Optionally, click Validate to ensure your setup is valid.
  5. Click Next. The second panel (Configure LDAP Plugin) of the LDAP Configuration wizard appears.
    Figure 32. LDAP Configuration Wizard (Configure LDAP Plugin)


  6. Enter information and make selections:
    • Login Name Attribute- Select the LDAP record attribute used as the user name.
    • Users Base DN- Enter the user's base distinguished name. For example, if your domain is ad.example.com, then your user's base DN might be:
      dc=Users,dc=example,dc=com
    • Groups Base DN- Enter the DN for the branch of your LDAP database that contains group records. These group records are of the LDAP class "groupOfUniqueNames," and the entry CN attribute constitutes the group name.
    • User Filter- Specify a free-form LDAP filter expression to be added to the default user search filter. The default user search filter and this additional search filter are combined as an AND expression. Records must satisfy both filters to be found using the various user searches. Any value specified in this field must follow correct LDAP search filter syntax.
    • Group Filter- Specify a free-form LDAP filter expression to be added to the default group search filter. The default group search filter and this additional search filter are combined as an AND expression. Records must satisfy both filters to be found using the various group searches. Any value specified in this field must follow correct LDAP search filter syntax.
    • Default User Roles- Specify one or more roles (by multi-selecting from the drop-down list) to be given to all users authenticated from your LDAP tree. Zope expects all users - anonymous as well as authenticated - to have the role Anonymous.
  7. Click Next. The third panel (Map LDAP Groups to Local Groups) of the LDAP Configuration wizard appears.
    Figure 33. LDAP Configuration Wizard (Map LDAP Groups to Local Groups)


  8. Enter information and make selections:
    • Map LDAP Groups to Roles?- Select this option if you want to control user roles within the Resource Manager Web interface by using Active Directory groups, instead of controlling the roles directly from within the system.
    • Group- Select the LDAP group to map to a Resource Manager role.
    • Role- Select the Resource Manager role to which the LDAP group is mapped.
  9. Optionally, click Add Group Mapping to map another group. To remove a mapped group, click Remove.
  10. Click Finish to complete LDAP configuration.
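
The User Filter and Group Filter fields in step 6 are ANDed with a default filter and must be valid LDAP filter syntax. The following sketch is an added example, not part of the product: it checks a candidate filter against the RFC 4515 string form and shows the combined expression. The default filter value and the sample DNs are assumptions, because the page does not state them.

```python
import re

# Assumed placeholder; the page does not state the product's default filter.
DEFAULT_USER_FILTER = "(objectClass=person)"

# Attribute description (name with optional ;options, or a dotted OID).
_ATTR = re.compile(r"[A-Za-z][A-Za-z0-9-]*(?:;[A-Za-z0-9-]+)*|\d+(?:\.\d+)+")
# =, ~=, >=, <=, or an extensible match such as :dn:= or :<rule>:=
_OP = re.compile(r"(?::dn)?(?::[A-Za-z0-9.-]+)?:=|[~<>]?=")
# Value: no raw ( ) \ or NUL; a backslash must start a two-hex-digit escape.
_VALUE = re.compile(r"(?:[^()\\\x00]|\\[0-9A-Fa-f]{2})*")


def _parse(s, i):
    """Parse one parenthesised filter at s[i]; return the index just past it."""
    if s[i:i + 1] != "(":
        raise ValueError(f"expected '(' at position {i}")
    i += 1
    if s[i:i + 1] in ("&", "|"):
        i += 1
        if s[i:i + 1] != "(":
            raise ValueError(f"empty filter list at position {i}")
        while s[i:i + 1] == "(":
            i = _parse(s, i)
    elif s[i:i + 1] == "!":
        i = _parse(s, i + 1)
    else:
        attr = _ATTR.match(s, i)
        op = _OP.match(s, attr.end()) if attr else None
        if not op:
            raise ValueError(f"expected attribute and operator at position {i}")
        i = _VALUE.match(s, op.end()).end()
    if s[i:i + 1] != ")":
        raise ValueError(f"expected ')' at position {i}")
    return i + 1


def validate_filter(text):
    """Return the stripped filter if it is exactly one well-formed filter."""
    text = text.strip()
    if _parse(text, 0) != len(text):
        raise ValueError("trailing characters after the filter")
    return text


def combine_and(default_filter, extra_filter):
    """AND the extra filter onto the default one, as the wizard describes."""
    if not extra_filter.strip():
        return validate_filter(default_filter)
    return "(&" + validate_filter(default_filter) + validate_filter(extra_filter) + ")"
```

A filter that is missing its outer parentheses, or that holds two filters side by side, raises ValueError here. The validator does not cover the extensible-match form that names only a matching rule and no attribute.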

After setup, you can edit your LDAP configuration settings from the Settings, Configuration Options, and Mappings tabs.

The Search tab allows you to locate user records on your LDAP server. Select from the list of search parameters, optionally enter a search term, and then click Search. Search results appear in the lower portion of the page.

Figure 34. LDAP Configuration - Search
