LDAP and AD User Interface Examples
The field descriptions below apply to connectors for both Active Directory and LDAP rfc2307bis directories; typical values for each are given where they differ.
More examples of Active Directory filters can be found at Active Directory.
Definition | Description |
---|---|
Name | Name of this connector. |
Type | The connector type. Only the Generic type is currently supported. |
Connection | These fields are attributes of the server connection. |
Host | Domain name or IP address of the LDAP host. |
Port | The LDAP port. |
Use TLS | Enable or disable LDAPS (LDAP over TLS) for a secure connection. The TLS setting must match the port: LDAP servers conventionally use port 389 for plaintext LDAP and port 636 for LDAPS. The connection fails if port 389 is specified and the Use TLS option is enabled. With TLS disabled, a simple bind sends the Bind DN password, and the password of every user who logs in, to the server in clear text, so enable it wherever the server offers LDAPS. |
Bind DN | Distinguished name of the account used to connect to the LDAP server. Use a dedicated account that only has read and browse permissions. An anonymous bind is used if Bind DN is not specified. |
CA Certificate Chain | Trusted root certificate chain (only required if the server's certificate is issued by a private CA). |
Bind DN Password | Password for the Bind DN. |
Users | These attributes are used to find user accounts in the LDAP server. |
User Search Base DN | Distinguished name of the entry where the search for users starts. |
Search Scope | The search scope: sub (the whole subtree below the base DN, the default), one (only the direct children of the base DN) or base (the base entry itself). |
User Search Filter | The LDAP filter used to identify user accounts. |
Attribute for Unique User ID | LDAP attribute that uniquely identifies a user. The typical value is uidNumber for rfc2307bis and objectGUID for AD. |
Attribute for Username | LDAP attribute containing the username used to log in. It is usually uid for rfc2307bis and sAMAccountName for AD. |
Attribute for First Name | An LDAP attribute that contains the first name of the user. The default value is givenName. |
Attribute for Last Name | An LDAP attribute that contains the last name of the user. The default value is sn. |
Groups | These attributes are used to find groups in the LDAP server. User roles are derived from group names: a group name such as administrator is matched against the Manufacturing Connect Edge user roles. |
Group Search Base DN | The distinguished name of the entry where the search for groups starts. |
Group Search Filter | The LDAP filter used to identify user groups. |
Group Name Attribute | The attribute containing the group name (usually cn). |
Group Membership Attribute | The attribute that contains the list of group members (usually member). |
Member value type | The type of value stored in the membership attribute: dn (the member's full distinguished name, as in the AD member attribute) or uid (the bare username, as in the rfc2307bis memberUid attribute). This value is case sensitive; enter it exactly as shown. |
Test | These values are used for testing connectivity. |
UserID | The user ID to authenticate as during the test. |
Password | That user's password. |
If the test fails, you should receive a detailed message about the reason for the failure. A few possible failure reasons:
- Unable to connect to the server: wrong address, DNS name or port for the LDAP host.
- Protocol mismatch: Use TLS is enabled but the port does not serve TLS (or the reverse).
- Certificate validation failure: missing or invalid root CA chain.
- User not found: covers a broad range of problems such as an invalid search base DN, an invalid filter, or invalid attributes for username or user ID.
- User attribute not found: one of the configured user attributes is missing or empty on the user's entry.
- Group not found: the group search base DN, scope, or filter is invalid.
- Group attribute not found: one of the configured group attributes is missing or empty.
- Authentication failure: usually an invalid username or password.
- Authorization failure: the set of scopes returned for the user's groups does not match those of the requested role.
Note: The Save button is only available after the test completes successfully.