An LDAP user is automatically created/updated as a result of a successful LDAP
authentication login. The user/password combination must be valid for the LDAP
authentication connection definitions and query rules.
Procedure
-
Go to .
-
In the Authentication field of the
toolbar, select LDAP from the drop-down
list.
-
Click the Configure
authentication icon next to the drop-down list.
-
In the Connection tab,
select the type of LDAP system.
If you select Custom, specify more
information in the Attribute Mappings tab.
-
Fill in the connection information such as the URL, username
and matching password.
You must have sufficient privileges to query the needed LDAP
users and groups.
-
In the Attribute Mappings tab, enter the
LDAP user attributes.
-
Go to the Group Assignment tab to assign automatically
groups based on the LDAP security model.
- Click Add then enter a name for the query and define
the group to be associated with the users in the query.
- To assign groups by group name, click the Browse icon
in the Group entry, enter a group name in the LDAP
system and select the Distinguished Name for that
group.
- To specify a search filter and include individual users, specify a search root
such as CN=company,CN=Users,DC=company,DC=local, then
click the Browse icon in the search filter entry and
select users in that filter.
- To specify a search filter and exclude individual users, specify a search root
such as CN=company,CN=Users,DC=company,DC=local, then
use the following syntax
(&(!(sAMAccountName=username1))(!(sAMAccountName=username)))
and click OK.
When creating the first LDAP query for group assignment, you switch from native
and manually managed group assignment to LDAP driven and automatic group
assignment for all LDAP users. Any LDAP user will lose any previous native group
assignment at the next login.
When deleting the last LDAP query for group assignment, you switch from LDAP
driven group assignment to native group assignment. Any LDAP user will be
associated with the Guest group, until the users are manually assigned to other
groups.
-
Click Test and save your
changes.