The LDAP Authentication tab is used to configure the fields that determine how to connect to a directory provider (such as Active Directory) in order to perform an authentication. When a user who requires LDAP authentication attempts to log in to the application, the system will use the following information to authenticate the user:
Search Rdn + username entered + Base DN
Employee Kimi Raikkonen attempts to log in with username kraikkonen and password abc#123. The LDAP authentication is configured as follows:
Field |
Value |
Search Rdn |
sAMAccountName |
Base DN |
CN=Users,DC=kbtst,DC=local |
As a result of the login user name and configuration, the system will attempt to authenticate the user with the following:
sAMAccountName=kraikkonen,CN=Users,DC=kbtst,DC=local
Password abc#123
If the login fails, the system will search for Kimi Raikkonen's entry in the LDAP directory. To perform the search, the system uses the values in the Search User Dn and Search User Password to connect to the server. The lookup would be performed by searching for the user's Distinguished Name, which in this case is CN=Kimi Raikkonen,CN=Users,DC=kbtst,DC=local.
The system would try to authenticate Kimi with:
Username: CN=Kimi Raikkonen,CN=Users,DC=kbtst,DC=local
Password: abc#123.
See Also:
LDAP Authentication Field Descriptions
Search RDN (Relative Distinguished Name)
The Relative Distinguished Name lists an attribute in the directory provider. The attribute and its value make up the prefix of the path that is used to authenticate the user or determine the user's Distinguished Name.
For example, the Search RDN could be sAMAccountName (User Logon Name in Active Directory). If a user attempts to login as kraikkonen, the username would be sAMAccountName=kraikkonen followed by the path listed in the Base DN field. If a search is necessary, the system would filter by: sAMAccountName=kraikkonen in order to make up the user's Distinguished Name. For more details, see the Example listed above .
Note: The user's value in the directory attribute listed in the Search RDN field must match the user's Login Name on the PEerson form.
Base DN (Distinguished Name)
The Base DN is the path level of the LDAP directory tree where the system makes an attempt to authenticate a user via the user’s full DN. For example: CN=Users,DC=kbtst,DC=local.
Search User DN (Distinguished Name)
Identifies the Distinguished Name used to connect to the LDAP Directory.
Example: CN=Administrator,CN=Users,DC=kbtst,DC=local.
Search User Password
The password for the above DN. It is the password the system uses to connect to the LDAP Directory in order to perform the search.
Click Main Menu > Configuration > Policies > LDAP Policy.
Click the Filter button to display the filter fields.
Select an LDAP Policy from the Policy Name filter and click Find.
The LDAP Authentication will display below.
Click Main Menu > Configuration > Policies > LDAP Policy.
Click the Filter button to display the filter fields.
Select an LDAP Policy from the Policy Name filter and click Find.
Click Add on the LDAP Authentication tab below.
Enter a Search RDN. The Relative Distinguished Name determines the value used to authenticate or search for the person that is attempting to log in to the system and requires authentication.
Enter a Base DN. The Base DN is the path level of the directory tree where the system makes an attempt to authenticate a user via the user’s full DN.
Enter a Search User DN. This is the Distinguished Name used to connect to the directory.
Enter a Search User Password. This is the password the system uses to connect to the directory in order to perform the search.
Enter a Test Auth. Login Name used to test the configuration. The login name must match the user's Login Name on the Employee form. It also has to match the user's value in the directory attribute listed in the Search RDN field.
Enter a Test Auth. Password used to test the configuration.
Click Save. The system will perform an LDAP authentication. If the authentication is successful, the system will save the record, otherwise an error will display. You can view details of the error in the Module-AE.log file in the \logs directory.
Click Main Menu > Configuration > Policies > LDAP Policy.
Click the Filter button to display the filter fields.
Select the LDAP Policy from the Policy Name filter and click Find to display the policy record.
Select the LDAP authentication below and click Modify.
Modify the fields and click Save. The system will perform an LDAP authentication. If the authentication is successful, the system will save the record, otherwise an error will display. You can view details of the error in the Module-AE.log file in the \logs directory.
Click Main Menu > Configuration > Policies > LDAP Policy.
Click the Filter button to display the filter fields.
Select the LDAP Policy from the Policy Name filter and click Find to display the policy record.
Select the LDAP authentication below and click Copy.
Modify any necessary fields and click Save. The system will perform an LDAP authentication. If the authentication is successful, the system will save the record, otherwise an error will display. You can view details of the error in the Module-AE.log file in the \logs directory.
Click Main Menu > Configuration > Policies > LDAP Policy.
Click the Filter button to display the filter fields.
Select an LDAP Policy from the Policy Name filter and click Find to display the policy record.
Select the LDAP authentication below and click Delete.
Click OK to confirm the action.
The Test Authentication button allows you to perform an LDAP authentication based on the values you enter in the Test Auth. Login and Test Auth. Password fields. The system will attempt to authenticate the Login/Password combination based on the parameters.
Click Main Menu > Configuration > Policies > LDAP Policy.
Click the Filter button to display the filter fields.
Select an LDAP Policy from the Policy Name filter and click Find to display the policy record.
Enter a valid login name in the Test Auth. Login Name field. The login name must match the user's Login Name on the Employee form. It also has to match the user's value in the directory attribute listed in the Search RDN field.
Enter a valid password in the Test Auth. Password field.
Click Test Authentication. If successful, a success message will display. If authentication is not successful, an error message will display. You can view details of the error in the Module-AE.log file in the \logs directory.