Configuring LDAP authentication
On the LDAP configuration wizard Add LDAP Servers page, specify
the host and manager credentials.
- Host - Enter the host name or IP address of an Active Directory global catalog server (for Active Directory authentication) or an LDAP server (for other LDAP server types).
- Port - Optionally, change the server port number. By default, the port number is 389.
- SSL - Choose this option if you are using SSL. When you choose this option, the default port number changes to 636.
- Skip cert verification? - If you are using a self-signed certificate, choose this check box to skip its verification; the connection is still encrypted, but the server certificate is not validated. Requires OpenLDAP 2.4 or later.
- Optional: To add another LDAP server, click Add Server. To remove a server from the list, click Remove.
In the Manager Credentials area, provide the following:
- Server Type
- Manager DN - Enter the distinguished name of a manager user in the domain administrators group. For example, the user's base DN:
- Manager Password
- To ensure that your setup is valid, click Validate.
- Click Next.
On the Configure LDAP Plugin page, the configuration ID field is
populated with the host name that you provided. Specify user and group information.
- Login Name Attribute - Choose the LDAP record attribute that is used as the user name. To add attributes, use the Mappings page of the LDAP configuration area ( ).
- Users Base DN - For example, if your domain is ad.example.com, then your users base DN might be:
- Groups Base DN
- User Filter and Group Filter - Using correct LDAP search filter syntax, specify free-form LDAP filter expressions to be added to the default user and the default group search filters. The default search filters and the additional search filters are combined as an AND expression. For the searches to return a record, the record must satisfy both filters.
- Default User Roles - From the drop-down list, select roles to be given to all users that are authenticated from your LDAP tree. Zope expects all users, anonymous and authenticated, to have the role Anonymous.
- Click Next.
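The AND combination described for User Filter and Group Filter, shown as an added example (not the product's own code): it joins an additional filter to an assumed default filter, rejects malformed filter text, and evaluates the result over constructed records. `DEFAULT_FILTER`, `GROUP`, `RECORDS` and all function names are assumptions for illustration; only `&`, `|`, `!`, equality and presence (`attr=*`) are handled.

```python
import re
DEFAULT_FILTER = "(objectClass=person)"  # assumed; the product's real default is not on the page
GROUP = "cn=monitoring,ou=groups,dc=ad,dc=example,dc=com"  # constructed group DN
RECORDS = [  # constructed directory entries: (dn, attributes with lowercase names)
    ("cn=alice,ou=users,dc=ad,dc=example,dc=com", {"objectclass": ["person"], "memberof": [GROUP]}),
    ("cn=bob,ou=users,dc=ad,dc=example,dc=com", {"objectclass": ["person"]}),
    ("cn=printer1,ou=users,dc=ad,dc=example,dc=com", {"objectclass": ["device"], "memberof": [GROUP]}),
]
ITEM = re.compile(r"([A-Za-z][A-Za-z0-9-]*)=([^()]*)")  # attr=value; no substring matching

def combine(default_filter, extra_filter):
    """AND the additional filter onto the default one, as the field description states."""
    return "(&%s%s)" % (default_filter, extra_filter.strip()) if extra_filter.strip() else default_filter

def parse(text, pos=0):
    """Parse one parenthesised filter starting at pos; return (node, next_pos)."""
    if text[pos:pos + 1] != "(":
        raise ValueError("expected '(' at offset %d" % pos)
    op = text[pos + 1:pos + 2]
    if op in ("&", "|", "!"):
        kids, pos = [], pos + 2
        while text[pos:pos + 1] == "(":
            kid, pos = parse(text, pos)
            kids.append(kid)
        if not kids or (op == "!" and len(kids) != 1):
            raise ValueError("wrong operand count for %r" % op)
        node = (op, kids)
    else:
        m = ITEM.match(text, pos + 1)
        if not m:
            raise ValueError("bad filter item at offset %d" % (pos + 1))
        node, pos = ("=", m.group(1).lower(), m.group(2)), m.end()
    if text[pos:pos + 1] != ")":
        raise ValueError("expected ')' at offset %d" % pos)
    return node, pos + 1

def matches(node, attrs):
    if node[0] in ("&", "|"):
        return (all if node[0] == "&" else any)(matches(k, attrs) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], attrs)
    values = [v.lower() for v in attrs.get(node[1], [])]  # simplification: case-insensitive
    return bool(values) if node[2] == "*" else node[2].lower() in values

def search(filter_text, records=RECORDS):
    node, end = parse(filter_text)
    if end != len(filter_text):  # unbalanced input must not leave text outside the filter
        raise ValueError("trailing text after filter")
    return [dn for dn, attrs in records if matches(node, attrs)]
```

Because the two filters are ANDed, an additional filter can only narrow the default result set: an `|` inside it does not bring back records that the default filter excludes.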
On the Map LDAP Groups to Local Groups page, provide group and
- Map LDAP Groups to Roles? - Choose this option if you want to control user roles within the Resource Manager browser interface by using Active Directory groups, instead of controlling the roles directly from within the system. Add the following groups to LDAP:
  - Resource Manager Managers
  - Resource Manager Users
- Group - Choose the LDAP group to map to a Resource Manager role.
- Role - Choose the Resource Manager role to map to the LDAP group.
- To map another group, click Add Group Mapping. To remove a mapped group, click Remove.
- Click Finish.