The LDAP page of the System Configuration window includes login validation settings required to use the Lightweight Directory Access Protocol.
Tip: For more information, see Configuring LDAP User Authentication.
LDAP uses a principal name to authenticate. The principal name is formed from the username: prefix + username + suffix. The exact format of the principal name varies based on the type of LDAP server, and the domain.
· For Active Directory, the prefix should be the (uppercase) domain followed by \\ (example: MY-DOMAIN\\) and the suffix should be blank.
· For OpenLDAP, the prefix should be: uid= and the suffix should be changed to reflect the actual domain. For my-domain.com, the suffix would be: ,dc=my-domain,dc=com
The following table describes the LDAP settings:
System Configuration LDAP Settings

Field or Option | Description |
---|---|
Enable LDAP | Click the check box to enable or disable LDAP support. |
LDAP server URL | URL of the LDAP server, which must begin with ldap:// (example: ldap://192.168.1.1). |
Principal suffix | Appended to the username for authentication. See above. |
Principal prefix | Prepended to the username for authentication. See above. |
Search root | LDAP search root. The search root is the node in the LDAP tree under which the user account should be found. · For Active Directory, the 2 dc components should be changed to match the full domain name managed by the directory. The following example is for my-domain.com: cn=Users,dc=my-domain,dc=com. · For OpenLDAP, the 2 dc components should be changed to match the full domain name managed by the directory. The following example is for my-domain.com: dc=my-domain,dc=com. |
LDAP version | An advanced setting that generally should be left unchanged. |
JNDI authentication type | An advanced setting that generally should be left unchanged as simple. |
JNDI factory | An advanced setting that generally should be left unchanged as com.sun.jndi.ldap.LdapCtxFactory |
Note: Changes to system configuration settings do not take effect until you log out (select Logout from the Options menu) and log back into the ICPAM application.
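The following added example (not ICPAM code) shows how a JNDI client could combine the settings above for the OpenLDAP form: it builds the principal as prefix + username + suffix and prepares a simple bind with com.sun.jndi.ldap.LdapCtxFactory. The class and method names are hypothetical, the username escaping and empty-password check are assumptions about good practice rather than documented ICPAM behavior, and the URL and domain are the page's sample values.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.Rdn;

public class LdapPrincipalExample {

    // Principal name = prefix + username + suffix.
    // With a DN-style prefix such as "uid=", the username is escaped as an RDN
    // value so that ',', '+', '=' and similar characters cannot change the DN.
    // Other prefix styles are passed through unchanged.
    static String buildPrincipal(String prefix, String username, String suffix) {
        if (username == null || username.isEmpty()) {
            throw new IllegalArgumentException("username is required");
        }
        String name = prefix.endsWith("=") ? Rdn.escapeValue(username) : username;
        return prefix + name + suffix;
    }

    // JNDI environment for a simple bind using the factory named in the table.
    static Hashtable<String, Object> bindEnvironment(String url, String principal,
                                                     String password) {
        // A simple bind with an empty password is an unauthenticated bind
        // (RFC 4513) that a server may accept, so refuse it before connecting.
        if (password == null || password.isEmpty()) {
            throw new IllegalArgumentException("password is required");
        }
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return env;
    }

    public static void main(String[] args) throws NamingException {
        String suffix = ",dc=my-domain,dc=com";   // sample suffix from the page
        // Constructed sample usernames: a plain one and one containing DN syntax.
        System.out.println(buildPrincipal("uid=", "jsmith", suffix));
        System.out.println(buildPrincipal("uid=", "x,dc=other", suffix));
        if (args.length == 2) {                    // optional: <username> <password>
            String principal = buildPrincipal("uid=", args[0], suffix);
            // The bind happens in the constructor; a failed login throws NamingException.
            new InitialDirContext(bindEnvironment("ldap://192.168.1.1", principal, args[1])).close();
        }
    }
}
```

With the simple authentication type and an ldap:// URL, the password travels to the directory server unencrypted, so the network path between the application server and the LDAP server should be restricted accordingly.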