Detail Form:
An LDAP (Lightweight Directory Access Protocol) Policy applies to the LDAP Authentication Feature. The LDAP Policy form is used to configure the parameters used to connect to a directory service database in order to authenticate a user via LDAP. In order for the system to perform the query, an LDAP Policy must be configured and assigned, and the user must have a Web Authentication Profile setting where the setting value is LDAP User/Password Validation (as opposed to Person/PIN Validation).
Both the Web Authentication Profile setting and LDAP Policy can be assigned in System Settings, Person Group Setting, or Person Setting. A Person Setting overrides a Person Group Setting, which overrides System Settings.
The table below describes how the Web Authentication Profile and LDAP Policy settings can be combined.
Web Authentication Profile Setting Value |
LDAP Policy assigned? |
Outcome |
LDAP User/Password Validation |
Yes |
The user is authenticated against the directory provider identified in the user's LDAP Policy. |
LDAP User/Password Validation |
No |
The login authentication will fail because there is no configured/assigned LDAP Policy. |
Person/PIN Validation |
Yes |
The user is authenticated against the login name and password combination in the application database. The LDAP Policy does not apply. |
Person/PIN Validation |
No |
The user is authenticated against the login name and password combination in the application database. Note: This combination is the default setting in System Settings, which apply to all users. Unless the user has other setting values via Person Group or Person, the default setting applies. |
See Also:
LDAP Policy Field Descriptions
Find, Add, Modify, Delete, or Copy an LDAP Policy
Policy Name
Name of the LDAP Policy.
Host
Name or IP address used to connect to the LDAP directory server.
Port
Port number used to connect to the Host (LDAP directory server). Note that the port number may be different if you are using SSL.
Secondary Host
Name or IP address of the host used to connect to a second LDAP directory server. This host will be used if the system cannot connect to the LDAP directory server listed in the Host field (above).
Secondary Port
Port number used to connect to the Secondary Host (secondary LDAP directory server). Note that the port number may be different if you are using SSL.
Use SSL (Secure Socket Layer)
Use SSL determines if the connection to the LDAP Directory should be made using SSL. If you enable this setting, a valid keystore is required.
See LDAP Authentication Using SSL for more information.
Update Date, Updated By
These fields display when the record was created or updated, and the person who created or updated the record.
To find a specific LDAP Policy, click the Filter area at the top of the form to display the Policy Name filter field. Select the policy you want to view, copy, delete, or modify and click Find.
To add a new LDAP Policy, click Add. Enter values in the fields and click Save.
You can modify all the fields in the LDAP Policy except the Policy Name. To do so, select the policy and click Modify.
You can copy an LDAP Policy and save the duplicate with a new name. To do so, select the policy and click Copy. Change the Policy Name, modify the other fields as necessary, and click Save.
You can delete an LDAP Policy if it is not assigned to a Person, Person Group, or a System Setting.