For Lightweight Directory Access Protocol (LDAP) authenticators, set the following values in the Additional Properties section:
Field | Description |
---|---|
LDAP Schema | The type of LDAP schema: Active Directory, OpenLDAP, or Other LDAP. Selecting an option here changes the default settings in the User Prefix, Email Profile, MemberOf Prefix, Group Object Class, and LDAP Referral fields. |
Enable SSL | Select to enable Secure Socket Layer (SSL) communication between Address Manager and the LDAP server. If you select this option to enable SSL communication, you must import a certificate from the LDAP server to Address Manager as described in Enabling SSL on LDAP. |
Port Number | The TCP port number used for communication between Address Manager and the LDAP default server. |
Search Base | The Search Base Distinguished Name is the location from which the search for users on the LDAP server begins. For example: |
User Object Class | This field is mandatory and editable. The user object class locates an LDAP user. The default value appears depending on the type of server selected in the LDAP Schema field: |
User Prefix | The user attribute for user accounts in the LDAP tree. A default value appears here depending on the type of server selected in the LDAP Schema field: You can also replace the default with a custom value if your LDAP configuration uses a value other than one of the defaults listed above. If your LDAP structure uses multiple user prefixes (for example, both cn and sAMAccountName), you need to create one LDAP authenticator for cn and a second LDAP authenticator for sAMAccountName. |
Email Prefix | This field is optional. Specify the variable to be used for the email prefix. A default value appears here depending on the type of server selected in the LDAP Schema field: |
MemberOf Prefix | This field is optional. The attribute that's used to store user-group membership information. A default value appears here depending on the type of server selected in the LDAP Schema field: |
Group Object Class | This field is optional. The object class that can be used to indicate a DN is a group. A default value appears here depending on the type of server selected in the LDAP Schema field: |
LDAP Referral | This field is optional. This environment property indicates to the service providers how to handle referrals to external resources. |
Aliases Dereferencing Mode | This field is optional. This environment property indicates whether alias entries are dereferenced. If enabled, when you look up an alias entry, the alias is dereferenced and the object returned is the object that the alias is pointing to. You can configure one of the following settings: |
Administrator Login | The distinguished name or relative distinguished name for a user with rights to search the LDAP directory. This field and the Administrator Password field are required only when anonymous operations (logins) aren't allowed. |
Append to search base | Select this option to append the Search Base value to the Administrator Login value to form the distinguished name. For example, search base DC=delta,DC=bcn with administrator login CN=Administrator,CN=Users creates CN=Administrator,CN=Users,DC=delta,DC=bcn. |
Administrator Password | The password for the user specified in the Administrator Login field. |
Note: Customers using LDAP authentication who might be experiencing LDAP login issues have the option to configure the Global Catalogue port to improve login performance. For details, refer to Configuring Global Catalogue for Active Directory Authentication.
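
The following is an added example, not code from Address Manager or its documentation: a pre-save review of the Append to search base and Enable SSL fields in the table above. It composes the administrator bind DN the way the table's example describes and flags two misconfigurations, a login that already ends with the search base and an administrator password configured without SSL. The dictionary keys and function names are hypothetical, and the SSL warning assumes the administrator bind is a simple bind.

```python
def split_dn(dn):
    """Split a DN into RDNs on unescaped commas (RFC 4514 backslash escapes)."""
    rdns, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur += dn[i:i + 2]      # keep the escaped character with its backslash
            i += 2
            continue
        if dn[i] == ",":
            rdns.append(cur.lstrip())
            cur = ""
        else:
            cur += dn[i]
        i += 1
    if cur.strip():
        rdns.append(cur.lstrip())
    return rdns

def _norm(rdn):
    # Comparison only: attribute types, and DC/CN/OU values, match case-insensitively.
    attr, _, value = rdn.partition("=")
    return attr.strip().lower(), value.strip().lower()

def admin_bind_dn(admin_login, search_base, append):
    """Return (bind DN, warnings) for the Administrator Login field."""
    login, base = split_dn(admin_login), split_dn(search_base)
    if not append:
        return ",".join(login), []
    warnings = []
    tail = [_norm(r) for r in login][-len(base):] if base else []
    if base and tail == [_norm(r) for r in base]:
        warnings.append("Administrator Login already ends with the Search Base; "
                        "appending duplicates the suffix")
    return ",".join(login + base), warnings

def review(cfg):
    """cfg keys are hypothetical names for the fields in the table above."""
    dn, warnings = admin_bind_dn(cfg["admin_login"], cfg["search_base"],
                                 cfg["append_to_search_base"])
    # Assumption: the administrator bind is a simple bind, so without
    # Enable SSL the password crosses the network unencrypted.
    if cfg.get("admin_password") and not cfg.get("enable_ssl"):
        warnings.append("Administrator Password is sent without SSL")
    return dn, warnings

# Constructed sample values; the DNs are the ones from the table's example.
SAMPLE = {"search_base": "DC=delta,DC=bcn", "admin_login": "CN=Administrator,CN=Users",
          "append_to_search_base": True, "admin_password": "example-only",
          "enable_ssl": False}
```

Calling `review(SAMPLE)` returns the composed DN together with the list of warnings for that configuration.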