Account Settings
When adding a new User Directory the first step is to configure the User Directory Account Settings.
The table below describes the required fields:
| Setting | Description |
|---|---|
| Server Address | Address of the User Directory server from where the users will be synchronized |
| Port | The port that will be used to connect to User Directory Note: the default port for LDAP is 389 and the default port for LDAPS is 636 |
| Authentication Protocol | Unsecure: Use basic authentication (simple bind) Less unsecure: Request secure authentication Note: AD DS uses Kerberos and possibly NTLM to authenticate the client Secure communication: Attaches a cryptographic signature to the message that both identifies the sender and ensures that the message has not been modified in transit. Note: AD DS requires the Certificate Server to be installed to support Secure Sockets Layer (SSL) or TLS encryption. |
| Username | Username of a user inside the User Directory who has read permissions |
| Password | The user's password to be used |
| User Directory Type | Active Directory: Integrate with Active Directory LDAP Directory: Integrate with any custom User Directory that supports the LDAP protocol Note: Integration with LDAP Directory will require some extra fields to be completed. |
When you have filled the required information click Continue to Synchronization and Login Configuration.
LDAP Directory Configuration
If LDAP Directory is selected from the User Directory type dropdown list, some additional configuration fields will be required in the Account Configuration step in order to connect and synchronize an LDAP Directory.
If the administrator user used for LDAP connection is not a part of the base DN you can specify the full distinguished name in the Username field
(eg. cn=Administrator,cn=Users,dc=example,dc=com)
The following information should be given to configure an LDAP user directory:
| Attribute | Description |
|---|---|
| Base DN | The DN from where all users can be reached. (e.g. dc=CompanyName,dc=com) |
| User Object Class | The name of the object class (objectClass) that is for user objects. (e.g. posixAccount or person) |
| Object Unique Identifier Attribute | The name of the LDAP attribute that is the unique identifier of an entry. (e.g. entryUUID or objectGUID) |
| User Email Attribute | The name of the LDAP attribute that contains the email of the users. (e.g. mail or email) |
| User Display Name Attribute | The name of the LDAP attribute that contains the display name of the users and will be used as the login name of the users. (e.g. cn, uid or sAMAccountName) |
| Group Object Class | The name of the object class (objectClass) that is for group objects. (e.g. posixGroup or group) |
| Organizational Unit Object Class | The name of the object class (objectClass) that is for organizational unit objects. (e.g. organizationalUnit or ou) |
Only LDAP attributes should be provided in this configuration step. Aliases will not be recognized.
When you have filled the required information click Continue to Synchronization and Login Configuration.