LDAP (Lightweight Directory Access Protocol) is the standard protocol for querying and authenticating against a directory service over an IP network. If your organization uses LDAP, you can configure Director Console to authenticate users against your LDAP directory and to derive their role-based access from the groups in that directory.
Note
When you change a user's role on the directory server (for LDAP or ADFS authentication), the new role takes effect at that user's next login; an existing session keeps the role it was granted at login until then.
Before configuring LDAP, open the firewall port for the LDAP server with the following command:
addldapsrv <IP_address> <port>
Replace IP_address with the IP address of the LDAP server you use and port with the port that server listens on (conventionally 389 for ldap:// and 636 for ldaps://). You must run the command as cmdr-admin. The rule it adds is specific to that address and port, so run it again if you later point Director Console at a different LDAP server or port.
Note
You can run the addldapsrv command as cmdr-admin to repopulate all the firewall rules after upgrading Director Console to a new version. Once you execute the command, you need to update your password.
You need to re-run the addldapsrv command after you run the com-appinstaller command to let LDAP users log into Director Console and save configurations.
Log in as the root user.
Go to Authentication >> LDAP.
Figure: LDAP Configuration
In the Base Settings section, enter the LDAP URL. It consists of the scheme (ldap or ldaps), the address of the LDAP server, and the port number.
Note
If the server listens on a TLS port (LDAP over TLS), use the ldaps scheme in the LDAP URL so that the bind password and user credentials are not sent in clear text:
ldaps://<IP_address>:<port>
Example: ldaps://10.45.3.109:636
Enter a Bind DN. This is the distinguished name of the directory account that Director Console binds as in order to search for users and groups; it is not the name of the LDAP server. Use a dedicated account with read-only access to the user and group subtrees rather than an administrator account.
Enter the LDAP Password for the Bind DN account.
Enter a Base DN, the subtree under which user searches start. It is written as a chain of Organizational Unit (OU) and Domain Component (DC) entries, for example ou=users,dc=example,dc=com (placeholder values).
Select an Authenticate Using option. It determines which directory attribute the username entered at login is matched against:
dn: the username is a full distinguished name, in standard DN format.
uid: the uid attribute (POSIX accounts on Linux systems).
SAM Account Name: the sAMAccountName attribute (Windows / Active Directory accounts).
User Principal Name: the userPrincipalName attribute (internet-style user@domain logins).
Enter a Group Member Attribute, the directory attribute whose values identify a user's group membership as defined in your LDAP server (for example gidNumber). The group values you enter under Role Settings are compared against this attribute.
Enter a User Search Filter, an LDAP filter expression that narrows the user search results returned for the LDAP groups.
Enable CN Filter to filter users using their Common Name (CN).
Note
If you are using Active Directory (AD) to log into Director Console, then you must enable the CN filter.
In the Role Settings section, enter the LDAP groups that are granted the Root Access, Admin Access, and User Access permissions.
Note
For example, if the Group Member Attribute is gidNumber, enter the gidNumber of the corresponding group in:
Root Access for root permission
Admin Access for admin permission
User Access for normal user permission
Click Update.
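The steps above describe what the console does with these settings at login time: validate the LDAP URL, bind as the Bind DN, search the Base DN for the entered username using the selected Authenticate Using attribute and the User Search Filter, then compare the Group Member Attribute against the Role Settings. The following Python script is an added example that walks through that logic offline; it is not Director Console's own code. The attribute names behind each Authenticate Using option, the rule that a user matching several role groups gets the most privileged one, and the function names are assumptions for illustration. The point it demonstrates that the page does not: the entered username must be escaped before it is placed in the search filter, otherwise a login name such as `*)(uid=*` rewrites the filter and can match every user under the Base DN.

```python
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit

# "Authenticate Using" choice -> directory attribute the typed username is
# matched against. None means the username is itself the full DN, so no
# search is needed. (Conventional attribute names; the console's internal
# mapping is an assumption, not taken from the documentation.)
LOGIN_ATTRIBUTE: Dict[str, Optional[str]] = {
    "dn": None,
    "uid": "uid",
    "SAM Account Name": "sAMAccountName",
    "User Principal Name": "userPrincipalName",
}

# Roles from most to least privileged. A user matching several role groups
# is given the first one that matches (assumed policy; the page does not
# say how the console resolves overlapping groups).
ROLE_ORDER = ("root", "admin", "user")


def validate_ldap_url(url: str, require_tls: bool = True) -> Tuple[str, str, int]:
    """Check an LDAP URL of the form ldaps://host:port and return (scheme, host, port).

    With require_tls=True only ldaps:// is accepted, so the Bind DN password
    and user credentials never travel in clear text.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError("LDAP URL must start with ldap:// or ldaps://")
    if require_tls and parts.scheme != "ldaps":
        raise ValueError("plain ldap:// sends the bind password in clear text; use ldaps://")
    if not parts.hostname or parts.port is None:
        raise ValueError("LDAP URL must include both host and port, e.g. ldaps://host:636")
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        raise ValueError("LDAP URL must contain only scheme, host and port")
    return parts.scheme, parts.hostname, parts.port


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied value for use inside an LDAP search filter (RFC 4515).

    The characters \\ * ( ) and NUL become \\XX hex escapes, which neutralises
    LDAP filter injection through the login name.
    """
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value)


def build_user_filter(auth_using: str, username: str,
                      user_search_filter: Optional[str] = None) -> Optional[str]:
    """Build the filter that locates the login user under the Base DN.

    Returns None for the "dn" option, where the typed DN is used directly and
    no search is needed. The administrator's User Search Filter (trusted,
    already a complete filter expression) is AND-ed in when present.
    """
    attr = LOGIN_ATTRIBUTE[auth_using]
    if attr is None:
        return None
    clauses = ["(%s=%s)" % (attr, escape_filter_value(username))]
    if user_search_filter:
        clauses.append(user_search_filter)
    if len(clauses) == 1:
        return clauses[0]
    return "(&" + "".join(clauses) + ")"


def resolve_role(user_entry: Dict[str, List[str]], group_member_attr: str,
                 role_settings: Dict[str, List[str]]) -> Optional[str]:
    """Map a user's directory entry to a console role via the Role Settings.

    user_entry holds the attributes returned for the user (values as strings);
    group_member_attr is the configured Group Member Attribute (e.g. gidNumber
    or memberOf); role_settings maps "root"/"admin"/"user" to the values
    entered under Root Access / Admin Access / User Access. Returns None when
    the user is in none of the configured groups, which means access is denied.
    """
    membership = set(user_entry.get(group_member_attr, []))
    for role in ROLE_ORDER:
        if membership & set(role_settings.get(role, [])):
            return role
    return None


if __name__ == "__main__":
    # Constructed sample entries and settings, not real directory data.
    alice = {"uid": ["alice"], "gidNumber": ["1001"]}
    mallory = {"uid": ["mallory"], "gidNumber": ["2000"]}
    settings = {"root": ["1000"], "admin": ["1001"], "user": ["1002"]}
    print(validate_ldap_url("ldaps://10.45.3.109:636"))
    print(build_user_filter("uid", "alice", "(objectClass=posixAccount)"))
    print(build_user_filter("uid", "*)(uid=*"))  # injection attempt, neutralised
    print(resolve_role(alice, "gidNumber", settings), resolve_role(mallory, "gidNumber", settings))
```

Two design choices are worth noting. Rejecting ldap:// by default matches the note above about using ldaps for secure ports; relax it only on a network where you have other protection for the bind password. Returning None from resolve_role for a user who matches no configured group is deliberate: an authenticated directory user who is not in any Root, Admin or User group should be denied rather than defaulted to a role.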
Enter the IP address of the API Server into a web browser.
Select LDAP from the drop-down.
Enter your Username and Password.
Figure: LDAP Login Page
Click Log In.
Note
After two consecutive login attempts, captcha authentication is required for the next login.
Figure: LDAP Login Page with captcha