LDAP Settings

The LDAP page of the System Configuration window includes login validation settings required to use the Lightweight Directory Access Protocol.

Tip: For more information, see Configuring LDAP User Authentication.


LDAP uses a principal name to authenticate. The principal name is formed from the username as prefix + username + suffix. The exact format of the principal name varies with the type of LDAP server and the domain.

· For Active Directory, the prefix should be the (uppercase) domain followed by \\ (example: MY-DOMAIN\\) and the suffix should be blank.

· For OpenLDAP, the prefix should be: uid=

  The suffix should be changed to reflect the actual domain. So for my-domain.com, this would be: ,dc=my-domain,dc=com

The following table describes the LDAP settings:

System Configuration LDAP Settings

| Field or Option | Description |
|---|---|
| Enable LDAP | Click the check box to enable or disable LDAP support. |
| LDAP server URL | URL of the LDAP server, which must begin with ldap:// (example: ldap://192.168.1.1). |
| Principal suffix | Appended to the username for authentication. See above. |
| Principal prefix | Prepended to the username for authentication. See above. |
| Search root | LDAP search root: the node in the LDAP tree under whose subtree the user account should be found. For Active Directory, change the 2 dc components to match the full domain name managed by the directory; the example for my-domain.com is cn=Users,dc=my-domain,dc=com. For OpenLDAP, change the 2 dc components to match the full domain name managed by the directory; the example for my-domain.com is dc=my-domain,dc=com. |
| LDAP version | An advanced setting that generally should be left unchanged. |
| JNDI authentication type | An advanced setting that generally should be left unchanged as simple. |
| JNDI factory | An advanced setting that generally should be left unchanged as com.sun.jndi.ldap.LdapCtxFactory. |

Note: Changes to system configuration settings do not take effect until you log out (select Logout from the Options menu) and log back into the ICPAM application.
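The Java example below is added here for illustration and is not code from ICPAM or its documentation. It shows how the fields above map onto standard JNDI environment properties and how prefix + username + suffix becomes the bind principal. The class name, username allowlist, sample username and password, connect timeout and the LDAP version value "3" are assumptions.

```java
import java.util.Hashtable;
import java.util.regex.Pattern;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;

public class LdapBindCheck {
    // Assumed site policy: usernames use only characters with no special meaning
    // in a DN, so "uid=" + username + suffix cannot be altered by the input.
    private static final Pattern SAFE_USER = Pattern.compile("[A-Za-z0-9._-]{1,64}");

    /** Principal name = prefix + username + suffix, as the page describes. */
    static String principal(String prefix, String username, String suffix) {
        if (username == null || !SAFE_USER.matcher(username).matches()) {
            throw new IllegalArgumentException("username outside the allowlist");
        }
        return prefix + username + suffix;
    }

    /** Maps the page's fields onto standard JNDI environment properties. */
    static Hashtable<String, String> env(String url, String principal, String password) {
        // Many servers treat a simple bind with an empty password as an anonymous
        // bind that succeeds, so it must never be accepted as a valid login.
        if (password == null || password.isEmpty()) {
            throw new IllegalArgumentException("empty password rejected");
        }
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); // JNDI factory
        env.put(Context.PROVIDER_URL, url);                  // LDAP server URL
        env.put(Context.SECURITY_AUTHENTICATION, "simple");  // JNDI authentication type
        env.put(Context.SECURITY_PRINCIPAL, principal);      // prefix + username + suffix
        env.put(Context.SECURITY_CREDENTIALS, password);     // sent unencrypted over ldap://
        env.put("java.naming.ldap.version", "3");            // LDAP version (assumed value)
        env.put("com.sun.jndi.ldap.connect.timeout", "3000"); // ms; assumed, avoids a long hang
        return env;
    }

    public static void main(String[] args) {
        // OpenLDAP-style values taken from the examples on this page; user is constructed.
        String p = principal("uid=", "jsmith", ",dc=my-domain,dc=com");
        System.out.println("principal: " + p);
        try {
            // Creating the context performs the bind; a rejected bind raises NamingException.
            new InitialDirContext(env("ldap://192.168.1.1", p, "constructed-password")).close();
            System.out.println("bind succeeded");
        } catch (NamingException e) {
            System.out.println("bind failed: " + e);
        }
    }
}
```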

 

See also:

System Configuration Settings