LDAP

Last modified by superadmin on 24.01.2017

In addition to the internal user administration, user information (master data + authentication) can be obtained via LDAP (MS Active Directory). This option is activated in "logon settings for users" of the client settings and is available only when using a relevant license. Furthermore, the LDAP server to be connected must return objects of the "user" type with at least the attribute "User Principal Name". Unlike internal users, the master data and password of LDAP users cannot be changed here. Such changes are made by means of the appropriate standard application.

Configuring the LDAP server on the client

  • In the section "logon settings for users" within the client settings, the user management must be changed to "only LDAP" or "LDAP and System" in order to manage users from an LDAP system. The connection to the LDAP server is then configured:
    • LDAP server: Name or IP address of the LDAP server
    • Port: Communication port of the LDAP server
    • Entries per page (paging): Indicates how many LDAP server entries are expected per page. A value of 0 disables paging, and all entries are then expected from the server at once
    • Max. Reference-jumps: Specifies the maximum number of reference jumps (referral hops) permitted on the LDAP server. A value of 0 disables the following of referrals
    • SSL encryption: Indicates whether the transport with the LDAP server can/should be carried out using SSL.
    • User for the user search: This account must have the right to send search queries (user objects) to the LDAP server. See also create user.
    • Password: User password for logging in to the LDAP server.
    • BaseDN for user search: BaseDN under which to search for users who are to be authenticated. Example: ou="intern", dc="firma", dc="de"
    • Filter query: Optional LDAP filter to apply further restrictions within the set of user objects (tutorial)

The entered data can be tested before saving. The "Connection Test" button tests whether a connection to the LDAP server can be set up successfully and indicates the number of user objects found.
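
The search that these settings describe can be sketched as follows. This is an added example, not the product's own code: it assumes user objects are selected with `(objectClass=user)`, and all function names are hypothetical. It composes the filter for the connection test and for looking up a single login name, escaping the login name per RFC 4515 so that it is always treated as a value and never as filter syntax.

```python
# Added example (not the product's code): composing the LDAP search filter
# from the "Filter query" setting and the userPrincipalName attribute.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Assumption: "user"-type objects in Active Directory are selected this way.
BASE_FILTER = "(objectClass=user)"


def escape_filter_value(value):
    """Escape a value for use inside an LDAP filter (RFC 4515)."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def is_single_filter(text):
    """True if text is exactly one filter wrapped in balanced parentheses."""
    if not (text.startswith("(") and text.endswith(")")):
        return False
    depth = 0
    for i, ch in enumerate(text):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            # Closing before the last character means two filters side by side.
            if depth < 0 or (depth == 0 and i != len(text) - 1):
                return False
    return depth == 0


def user_filter(extra_filter="", upn=None):
    """Filter for the connection test (upn=None) or for one login name."""
    parts = [BASE_FILTER]
    if upn is None:
        parts.append("(userPrincipalName=*)")  # every user that has a UPN
    else:
        parts.append("(userPrincipalName=" + escape_filter_value(upn) + ")")
    extra = extra_filter.strip()
    if extra:
        if not is_single_filter(extra):
            raise ValueError("filter query must be one parenthesised LDAP filter")
        parts.append(extra)
    return "(&" + "".join(parts) + ")"


if __name__ == "__main__":
    # Constructed sample values.
    print(user_filter())
    print(user_filter("(department=IT)", "anna@firma.de"))
```

With SSL encryption disabled, a simple bind sends the search user's password and each login password to the LDAP server unencrypted, so the filter handling above does not replace transport protection.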


Created by superadmin on 20.05.2015
Translated into en by superadmin on 07.07.2016
  
Copyright 2000-2016