Authenticating with LDAP

The Solution Manager Server supports LDAP authentication that delegates the authentication of users to an LDAP server. To enable LDAP authentication in the Solution Manager, login with the Solution Manager Web Tool as an administrator user, click the menu Configuration > Authentication and then, open the LDAP configuration.

Figure: LDAP configuration

  1. LDAP authentication enabled: check this box to enable LDAP authentication. Users are then retrieved from an LDAP server and authenticated with their LDAP credentials.

  2. Global LDAP configuration: configure the LDAP source and the searches required to retrieve users and roles.

    This configuration is used for LDAP authentication and also when you choose certain Single Sign-On configurations, such as Kerberos or an external Identity Provider without role extraction from assertions.

    • Server URI: address (URI) of the LDAP server.

    • Login and Password: credentials used to bind to the LDAP server.

    • Use GSSAPI SASL: connect to the LDAP server with a SASL bind using the GSSAPI authentication mechanism instead of a “simple bind”. If your organization uses a multi-domain environment, you have to select this check box. In addition, the administrator of the LDAP server (usually Active Directory) has to establish a trust relationship between the domains so that users from all domains can authenticate.

    • User base: node of the LDAP server used as the scope when searching for the nodes that represent users. You can enter more than one “User base” expression.

    • Attribute with user name: name of the attribute, in the nodes that represent users, that contains the user name.

    • User search pattern: pattern used to generate the LDAP queries that are executed to obtain the nodes representing the users who try to connect to the Server.

    • Role base: node of the LDAP server used as the scope when searching for the nodes that represent the roles that users of this database can have. You can enter more than one “Role base” expression.

    • Attribute with role name: name of the attribute, in the nodes that represent roles, that contains the name of the role.

    • Role search pattern: pattern used to generate the LDAP queries that are executed to obtain the nodes representing the roles of a user. This pattern has to contain either the token @{USERDN} or the token @{USERLOGIN} (it cannot contain both):

      • @{USERDN} will be replaced with the Distinguished Name of the user that tries to connect to this database. For example, “CN=john,CN=Users,DC=acme,DC=loc”.

      • @{USERLOGIN} will be replaced with the login name of the user that tries to connect to this database. For example, “john”.

    Important

    Create the specific roles that may be retrieved from LDAP and assign them the corresponding privileges. See the privileges system for more information.
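As an added illustration (not code from the Solution Manager itself), the following Python expands a user search pattern and a role search pattern into one concrete filter per configured base, enforcing the "exactly one token" rule for the role pattern and escaping the substituted value per RFC 4515 so that a login such as `*)(cn=*` cannot alter the generated query. The function names and sample patterns are mine, and it assumes the user search pattern carries @{USERLOGIN}, which the page does not state.

```python
USERDN = "@{USERDN}"
USERLOGIN = "@{USERLOGIN}"

# RFC 4515 escaping for a value placed inside an LDAP search filter.
# Without it, a crafted login could rewrite the filter (LDAP injection).
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value: str) -> str:
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def role_pattern_token(pattern: str) -> str:
    """Return the token the role search pattern uses; exactly one is allowed."""
    has_dn, has_login = USERDN in pattern, USERLOGIN in pattern
    if has_dn == has_login:  # both present or neither present
        raise ValueError("role search pattern must contain exactly one of "
                         "@{USERDN} or @{USERLOGIN}")
    return USERDN if has_dn else USERLOGIN


def expand_pattern(pattern: str, token: str, value: str) -> str:
    return pattern.replace(token, escape_filter_value(value))


def plan_user_searches(user_bases, user_pattern, login):
    """One (base, filter) search per configured User base.
    Assumption: the user search pattern carries @{USERLOGIN}."""
    flt = expand_pattern(user_pattern, USERLOGIN, login)
    return [(base, flt) for base in user_bases]


def plan_role_searches(role_bases, role_pattern, login, user_dn):
    """One (base, filter) search per configured Role base, substituting
    the user's DN or login depending on which token the pattern uses."""
    token = role_pattern_token(role_pattern)
    value = user_dn if token == USERDN else login
    flt = expand_pattern(role_pattern, token, value)
    return [(base, flt) for base in role_bases]


if __name__ == "__main__":
    # Constructed sample configuration, not a real directory.
    for base, flt in plan_role_searches(
            ["OU=Groups,DC=acme,DC=loc"],
            "(&(objectClass=group)(member=@{USERDN}))",
            "john", "CN=john,CN=Users,DC=acme,DC=loc"):
        print(base, flt)
```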

After LDAP authentication is enabled in this configuration, users who go to the Solution Manager log in with the user name and password held by the configured LDAP source.