Configuring the LDAP Server

Specify the settings that ICPAM needs to connect to the LDAP server and to authenticate users against it, as described in the following steps.

Step 1            Choose the Admin > System Configuration command.

Step 2            On the resulting System Configuration window, select the LDAP item in the left pane, then enter the LDAP user authentication settings.

The LDAP configuration depends on the authentication mode selected:

·         User principal name (recommended method). The user principal name (of the form user@domain, for example jdoe@my-domain.com) is unique within the organization, so it identifies the account unambiguously.

·         sAMAccountName: The sAMAccountName is unique only within the domain being searched, so the search root must point at the correct domain.

LDAP authenticates with a principal name, which is built from the username in the form:

prefix + username + suffix

The exact format of the principal name depends on the type of LDAP server and on the domain. For OpenLDAP the principal is the user's distinguished name, so the prefix should be uid= and the suffix should be changed to reflect the actual domain. For my-domain.com, the domain part is:

dc=my-domain,dc=com

Because the result must be a valid DN, the suffix also carries the comma that separates it from the uid= component, so that the user jdoe yields uid=jdoe,dc=my-domain,dc=com.

For more information, see the following topics:

·         LDAP Example: User Principal Name

·         LDAP Example: sAMAccountName

Step 3            Enter the other LDAP server settings:

Enable LDAP
    Select this check box to enable LDAP support; clear it to disable LDAP support.

LDAP server URL
    Type the URL of the LDAP server, which must begin with ldap://
    Example: ldap://192.168.1.1:389
    Note: 389 is the port number (the default LDAP port).
    Note: the JNDI authentication type below is simple, so the bind password travels in cleartext over an ldap:// connection. Keep the path between ICPAM and the LDAP server on a trusted network segment.

Principal suffix
    Specify the suffix that is appended to the username to create the principal name for authentication.

Principal prefix
    Specify the prefix that is prepended to the username to create the principal name for authentication.

Search root
    Specify the LDAP search root. The search root is the node in the LDAP tree under which the user account must be found; only that subtree is searched.

    ·         For Active Directory, the dc components should be changed to match the full domain name managed by the directory. The following example is for my-domain.com: cn=Users,dc=my-domain,dc=com

    ·         For OpenLDAP, the two dc components should be changed to match the full domain name managed by the directory. The following example is for my-domain.com: dc=my-domain,dc=com

LDAP version
    This is an advanced setting that generally should be left unchanged.

JNDI authentication type
    This is an advanced setting that generally should be left unchanged as simple.

JNDI factory
    This is an advanced setting that generally should be left unchanged as com.sun.jndi.ldap.LdapCtxFactory

Step 4            Stop and then restart the ICPAM application from the Web admin page so that the changes take effect.
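Before saving the form, a practitioner usually wants to confirm that the three fields actually combine into a principal the directory will accept. The script below is an added example, not ICPAM or Cisco code: it applies only the prefix + username + suffix rule stated above plus standard RFC 4514 DN syntax. Its sample field values, the "mode" label and the DN_SPECIAL set are this example's own assumptions. It builds the principal for the OpenLDAP (DN) and Active Directory (user principal name) layouts, checks that the principal's domain agrees with the dc= components of the search root (which catches a suffix that lacks its leading comma), flags usernames that would splice extra RDNs into the bind DN, and prints the equivalent ldapwhoami command for a manual bind test. The sAMAccountName layout is left to the separate topic the page refers to.

```python
"""Sanity check for the ICPAM LDAP form fields before saving them.

Added example, not ICPAM or Cisco code. It relies only on the rule the page
states (principal = prefix + username + suffix) and on RFC 4514 DN syntax;
the field names, sample values and the "mode" label are this example's own.
"""
import re
import shlex
from urllib.parse import urlsplit

# Constructed sample form values for the two layouts the page describes.
OPENLDAP = {  # principal is a full DN: uid=<user>,dc=my-domain,dc=com
    "url": "ldap://192.168.1.1:389",
    "prefix": "uid=",
    "suffix": ",dc=my-domain,dc=com",  # leading comma separates the RDNs
    "search_root": "dc=my-domain,dc=com",
    "mode": "dn",
}
AD_UPN = {  # principal is a user principal name: <user>@my-domain.com
    "url": "ldap://192.168.1.1:389",
    "prefix": "",
    "suffix": "@my-domain.com",
    "search_root": "cn=Users,dc=my-domain,dc=com",
    "mode": "upn",
}

# RFC 4514 characters that, unescaped inside a username, would let the
# user splice extra RDNs into the concatenated bind DN.
DN_SPECIAL = set(',+"\\<>;=')


def build_principal(prefix, username, suffix):
    """The concatenation ICPAM performs, per the page's rule."""
    return f"{prefix}{username}{suffix}"


def parse_dn(dn):
    """Split a DN into (attribute, value) pairs; an escaped comma stays in
    the value. Multi-valued RDNs (a+b) are not needed here and are ignored."""
    pairs = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN {rdn!r} in {dn!r}")
        pairs.append((attr.strip().lower(), value.strip()))
    return pairs


def domain_from_dn(dn):
    """Join the dc= components: dc=my-domain,dc=com -> my-domain.com."""
    return ".".join(v for a, v in parse_dn(dn) if a == "dc")


def check_settings(cfg, username):
    """Return (principal, problems); an empty list means the fields fit
    together for this username."""
    problems = []
    url = urlsplit(cfg["url"])
    if url.scheme != "ldap" or not url.hostname:
        problems.append("LDAP server URL must be of the form ldap://host:port")
    try:
        root_domain = domain_from_dn(cfg["search_root"])
    except ValueError as exc:
        problems.append(f"search root: {exc}")
        root_domain = ""

    principal = build_principal(cfg["prefix"], username, cfg["suffix"])
    if cfg["mode"] == "dn":
        if DN_SPECIAL & set(username):
            problems.append("username contains DN metacharacters; it would alter the bind DN")
        try:
            if domain_from_dn(principal).lower() != root_domain.lower():
                problems.append("dc= components of the principal do not match the "
                                "search root (check the suffix, including its leading comma)")
        except ValueError as exc:
            problems.append(f"principal: {exc}")
    elif cfg["mode"] == "upn":
        user, at, domain = principal.partition("@")
        if not at or "@" in username or not re.fullmatch(r"[^@\s]+", user) or not domain:
            problems.append("principal is not a single user@domain UPN")
        elif domain.lower() != root_domain.lower():
            problems.append("UPN domain does not match the search root's dc= components")
    return principal, problems


def bind_test_command(cfg, username):
    """Equivalent OpenLDAP client call for trying the same bind by hand
    (-x = simple bind, matching the JNDI 'simple' setting; -W prompts)."""
    principal, _ = check_settings(cfg, username)
    return " ".join(shlex.quote(p) for p in
                    ["ldapwhoami", "-x", "-H", cfg["url"], "-D", principal, "-W"])


if __name__ == "__main__":
    for cfg in (OPENLDAP, AD_UPN):
        principal, problems = check_settings(cfg, "jdoe")
        print(principal, problems or "OK")
        print("   ", bind_test_command(cfg, "jdoe"))
```

Run it with a real username before enabling LDAP; for the manual test, ldapwhoami -W prompts for the password so it does not end up in shell history. Because ICPAM concatenates the prefix, username and suffix as given, the DN_SPECIAL check is the one to watch when usernames are not tightly controlled.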


See also:

Configuring LDAP User Authentication