Account Settings
When adding a new user directory, the first step is to configure the "User Directory Account Settings."
Required Fields:
| Setting | Description |
|---|---|
| Server Address | Address of the user directory server from where the users will be synchronized. |
| Port | The port used to connect to the user directory default port for LDAP is 389; for LDAPS, 636. |
| Authentication Protocol | Unsecure: Use basic authentication (simple bind). Less unsecure: Request secure authentication. Note: AD DS uses Kerberos and possibly NTLM. Secure communication: Uses cryptographic signatures to ensure that the senders of messages are identified and content remains intact during transit. Note: AD DS requires Certificate Server for Secure Sockets Layer (SSL)/TLS encryption. |
| Username | Username of a user in the user directory with read permissions. |
| Password | Password for the specified user. |
| User Directory Type | Active Directory: Integrate with active directory. LDAP Directory: Integrate with any custom user directory that supports LDAP protocol. Note: Integration with LDAP directory requires additional fields. |
Click "Continue" to Synchronization and Login Configuration after filling out the required information.
LDAP Directory Configuration
If LDAP Directory is selected, additional configuration fields are required in "Account Configuration" to connect and synchronize an LDAP directory.
If the administrator user for LDAP connection is not a part of the base DN, specify the full distinguished name in the "Username" field.
(eg. cn=Administrator,cn=Users,dc=example,dc=com)
Configuring an LDAP user directory:
| Attribute | Description |
|---|---|
| Base DN | The DN from where all users can be reached (e.g. dc=CompanyName,dc=com) |
| User Object Class | The name of the object class (objectClass) for user objects. (e.g. posixAccount or person) |
| Object Unique Identifier Attribute | The name of the LDAP attribute that uniquely identifies an entry (e.g. entryUUID or objectGUID) |
| User Email Attribute | The name of the LDAP attribute containing user emails (e.g. mail or email) |
| User Display Name Attribute | The name of the LDAP attribute for the display name of users. (e.g. cn, uid or sAMAccountName) |
| Group Object Class | The name of the object class (objectClass) that is for group objects (e.g. posixGroup or group) |
| Organizational Unit Object Class | The name of the object class (objectClass) for organizational unit objects (e.g. organizationalUnit or ou) |
Only LDAP attributes should be provided in this configuration step. Aliases are not recognized.
Click "Continue" to Synchronization and Login Configuration after filling out the required information.