Difference between revisions of "LDAP Configuration"
From AgileApps Support Wiki
imported>Aeric |
imported>Aeric |
||
| Line 43: | Line 43: | ||
:* '''Default Access Profile -''' | :* '''Default Access Profile -''' | ||
:* '''LDAP Attribute for Access Profile -''' | :* '''LDAP Attribute for Access Profile -''' | ||
:: | ::: The LDAP attribute must contain the role's ''record ID'', not the name of the role. | ||
:* '''Default Application -''' | :* '''Default Application -''' | ||
:* '''LDAP Attribute for Application -''' | :* '''LDAP Attribute for Application -''' | ||
:: | ::: The LDAP attribute must contain the role's ''record ID'', not the name of the role. | ||
:* '''Default Role -''' | :* '''Default Role -''' | ||
:* '''LDAP Attribute for Role -''' The name of an LDAP field that designates the user's role in the default application. | :* '''LDAP Attribute for Role -''' The name of an LDAP field that designates the user's role in the default application. | ||
:: | ::: The LDAP attribute must contain the role's ''record ID'', not the name of the role. | ||
{{Tip|To get record IDs, use the following procedure: | {{Tip|To get record IDs, use the following procedure: | ||
# Navigate to the object in question (Access Profiles, Applications, or Roles) | # Navigate to the object in question (Access Profiles, Applications, or Roles) | ||
Revision as of 00:34, 21 November 2013
> Administration > Account Management > LDAP Configuration
If the enterprise has an LDAP server, the platform can be configured to automatically recognize selected users when they log in.
Considerations and Limitations
- Active Directory is currently supported. Open LDAP is under development.
- A single LDAP server is supported, currently.
- The search for a matching user ____. It cannot span multiple ___s, as yet--so a CN entry must be included either in the search DN or the filter.
- The user's Team cannot currently be configured using LDAP attributes. The default team is always used.
How LDAP Works
User Experience
Effect on Platform Operations
Configuring LDAP
- Examine the configuration settings below to see which user attributes can be populated from LDAP.
- Create attributes for those settings in your LDAP server.
- Go to
> Administration > Account Management > LDAP Configuration - Fill in the configuration settings
- Click [Save]
Configuration Settings
- Server Type - Active Directory (default)
- Server URL - The server domain and optional portal. Secure portal #636 is the default.
- For example: our.LDAPserver:998
- Login DN -
- Password -
- Starting Search Directory -
- User DN -
- User DN Filter -
- The (objectCategory=person) and (objectClass=user) parameters do not need to be specified. They are included automatically.
- Group DN -
- Group DN Filter -
- The Group search:
- The (objectCategory=group) parameter does not need to be specified. It is included automatically.
- Default Team -
- Default Access Profile -
- LDAP Attribute for Access Profile -
- The LDAP attribute must contain the role's record ID, not the name of the role.
- Default Application -
- LDAP Attribute for Application -
- The LDAP attribute must contain the role's record ID, not the name of the role.
- Default Role -
- LDAP Attribute for Role - The name of an LDAP field that designates the user's role in the default application.
- The LDAP attribute must contain the role's record ID, not the name of the role.
Tip: To get record IDs, use the following procedure:
- Navigate to the object in question (Access Profiles, Applications, or Roles)
- > Objects > {object}
- Edit the default view or create a new view for your use.
- Modify the view to include the Record ID field.
- View the entries in that object
- Take the record ID from the column you added to the view.
- Navigate to the object in question (Access Profiles, Applications, or Roles)
