To configure LDAP authentication, in the Administration module go to Authentication | LDAP and click New LDAP Settings.
The following table describes the configuration parameters for LDAP connection settings.

LDAP Connection Setting | Description |
---|---|
Enabled | When set, these settings are enabled. |
Settings Name | The unique ID of the LDAP setting. |
LDAP URL | Location of the LDAP server in the following format: The URL should include the base DN used to search for and/or authenticate users. |
Auto Create System Users | When set, the system will automatically create new users for those who have logged in using LDAP, and assign them to the default groups. |
Allow Created Users Access To Profile Page | When set, users created after logging in using LDAP will be able to access their profile page. |
Used Page Results | When set, supports paging results for the LDAP server. This feature requires that the LDAP Server supports a PagedResultsControl configuration. |
User DN Pattern | A DN pattern used to log users directly in to the LDAP database. This pattern is used to create a DN string for "direct" user authentication, and is relative to the base DN in the LDAP URL. The pattern argument { For example: |
Email Attribute | An attribute that can be used to map a user's email to a user created automatically by the system. |
Search Filter | A filter expression used to search for the user DN that is used in LDAP authentication. This is an LDAP search filter (as defined in 'RFC 2254') with optional arguments. In this case, the Possible examples are: Authentication using LDAP is performed from the DN found if successful. |
Search Base | The Context name in which to search relative to the base DN in the LDAP URL. Multiple search bases may be specified separated by a pipe ( \| ). This parameter is optional. |
Secure LDAP Search | Protects against LDAP poisoning by filtering out users exposed to vulnerabilities. |
Search Sub Tree | When set, enables deep search through the sub-tree of the LDAP URL + Search Base. True by default. |
Manager DN | The full DN of a user with permissions that allow querying the LDAP server. When working with LDAP Groups, the user should have permissions for any extra group attributes such as memberOf. |
Manager Password | The password of the user binding to the LDAP server when using "search" authentication. |
Test LDAP Connection | Run an LDAP test to validate that your settings are correct. |
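
As an added illustration (not code from the product documented here), the sketch below shows how the User DN Pattern, Search Filter and Search Base settings combine with the base DN in the LDAP URL, escaping the login name per RFC 4514 and RFC 4515 so that it cannot alter the DN or the filter. The `{0}` placeholder, the host name and the directory entries are assumptions constructed for the example.

```python
from urllib.parse import urlsplit, unquote

PLACEHOLDER = "{0}"  # assumed username placeholder; the page's own token is truncated

def escape_filter_value(value: str) -> str:
    """RFC 4515: hex-escape characters that would change a search filter's structure."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def escape_dn_value(value: str) -> str:
    """RFC 4514: escape characters that would add or split RDNs in a DN."""
    out = "".join("\\00" if c == "\x00" else "\\" + c if c in ',+"\\<>;=' else c
                  for c in value)
    if value.endswith(" ") and len(value) > 1:   # trailing space must be escaped
        out = out[:-1] + "\\ "
    if out[:1] in (" ", "#"):                    # leading space or '#' must be escaped
        out = "\\" + out
    return out

def base_dn(ldap_url: str) -> str:
    """The base DN is the path component of the LDAP URL."""
    return unquote(urlsplit(ldap_url).path.lstrip("/"))

def bind_dn(ldap_url: str, user_dn_pattern: str, username: str) -> str:
    """'Direct' authentication: the pattern is relative to the URL's base DN."""
    rel = user_dn_pattern.replace(PLACEHOLDER, escape_dn_value(username))
    return f"{rel},{base_dn(ldap_url)}"

def search_requests(ldap_url: str, search_filter: str, search_base: str, username: str):
    """'Search' authentication: one (base, filter) pair per pipe-separated search base."""
    flt = search_filter.replace(PLACEHOLDER, escape_filter_value(username))
    root = base_dn(ldap_url)
    bases = [b.strip() for b in search_base.split("|") if b.strip()] or [""]
    return [(f"{b},{root}" if b else root, flt) for b in bases]

# Constructed sample settings (not taken from the page).
URL = "ldap://ldap.example.test:389/dc=example,dc=test"

if __name__ == "__main__":
    print(bind_dn(URL, "uid={0},ou=People", "doe, jane"))
    for base, flt in search_requests(URL, "(uid={0})", "ou=People|ou=Contractors", "j*doe)"):
        print(base, flt)
```

A login name containing `,`, `*` or `)` stays a literal value in both outputs instead of adding an RDN or widening the filter match.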