Specify the LDAP server settings needed to configure the LDAP server connection and user authentication, as described in the following instructions.
Step 1 Choose the Admin > System Configuration command.
Step 2 On the resulting System Configuration window, select the LDAP item in the left pane.
Step 2 Enter the LDAP user authentication settings.
The LDAP configuration depends on the authentication mode selected:
· User principal name (recommended method). The user principal name is unique within the organization.
· sAMAccountName. The sAMAccountName username is unique only in the search domain.
LDAP uses a principal name to authenticate, which is built from the username in the form:
prefix + username + suffix
The exact format of the principal name varies with the type of LDAP server and the domain. For OpenLDAP, the prefix should be uid= and the suffix should be changed to reflect the actual domain.
So for my-domain.com, this would be:
dc=my-domain,dc=com
For more information, see the following topics:
· LDAP Example: User Principal Name
· LDAP Example: sAMAccountName
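The prefix + username + suffix rule from Step 2, sketched as an added example (not ICPAM code and not part of the original documentation). It shows why the username must be escaped or restricted before it is placed between the configured prefix and suffix. The function names and the sample setting values, including the '@' and the leading comma in the suffixes, are assumptions.

```python
# Added illustration; not ICPAM code. All names and sample values are constructed.
import re

# RFC 4514: characters that must be backslash-escaped inside a DN attribute value.
_DN_SPECIAL = set('"+,;<>\\')


def escape_dn_value(value: str) -> str:
    """Escape a string for use as an attribute value in a distinguished name."""
    out = []
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in _DN_SPECIAL:
            out.append("\\" + ch)
        elif ch == "#" and i == 0:
            out.append("\\#")            # a leading '#' would mark a hex-encoded value
        elif ch == " " and i in (0, len(value) - 1):
            out.append("\\ ")            # leading/trailing spaces are significant
        else:
            out.append(ch)
    return "".join(out)


# Conservative allow-list for account names when no DN-style prefix is configured.
_ACCOUNT_NAME = re.compile(r"[A-Za-z0-9._-]{1,64}")


def build_principal(prefix: str, username: str, suffix: str) -> str:
    """Return prefix + username + suffix, with the username made safe first."""
    if not username:
        raise ValueError("empty username")
    if "=" in prefix:
        # DN-style principal (for example OpenLDAP with prefix "uid="):
        # the username is an attribute value and must not add RDNs of its own.
        return prefix + escape_dn_value(username) + suffix
    # User-principal-name style: reject anything that could override the suffix.
    if not _ACCOUNT_NAME.fullmatch(username):
        raise ValueError("username contains characters outside the allow-list")
    return prefix + username + suffix
```
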
Step 3 Enter the other LDAP server settings:
Option | Description
Enable LDAP | Click this check box to enable or disable LDAP support.
LDAP server URL | Type the URL of the LDAP server, which must begin with ldap://. Example: ldap://192.168.1.1:389. Note: 389 is the port number.
Principal suffix | Specify the suffix that will be appended to the username to create the principal name for authentication.
Principal prefix | Specify the prefix that will be prepended to the username to create the principal name for authentication.
Search root | Specify the LDAP search root. The search root is the node in the LDAP tree under whose subtree the user account should be found. · For Active Directory, the dc components should be changed to match the full domain name managed by the directory. The following example is for my-domain.com: cn=Users,dc=my-domain,dc=com. · For OpenLDAP, the two dc components should be changed to match the full domain name managed by the directory. The following example is for my-domain.com: dc=my-domain,dc=com.
LDAP version | This is an advanced setting that generally should be left unchanged.
JNDI authentication type | This is an advanced setting that generally should be left unchanged as simple.
JNDI factory | This is an advanced setting that generally should be left unchanged as com.sun.jndi.ldap.LdapCtxFactory.
Step 4 Stop and then restart the ICPAM application from the Web admin page to enable the changes.
See also:
Configuring LDAP User Authentication