LDAP Configuration
From AgileApps Support Wiki
Revision as of 00:51, 21 November 2013 by imported>Aeric (→Configuration Settings)
> Administration > Account Management > LDAP Configuration
If the enterprise has an LDAP server, the platform can be configured to automatically recognize selected users when they log in.
Considerations and Limitations
- Active Directory is currently supported. Open LDAP is under development.
- A single LDAP server is supported, currently.
- Common Name (CN) entries in an LDAP directory are the lowest level in the organizing hierarchy. They can be contained in OU entries (organizational units), but they cannot have subgroups. The search for a matching user does not currently span multiple groups, so a CN entry must be included either in the search DN or in the filter. The search path cannot terminate at an OU (or at a higher-level DC (Domain Controller) entry).
- The user's Team cannot currently be configured using LDAP attributes. The default team is always used.
How LDAP Works
User Experience
Effect on Platform Operations
Working with LDAP
Configuring LDAP
- Examine the configuration settings below to see which individual-user attributes can be populated from LDAP.
- If desired, create attributes for those settings in your LDAP server. (If all users will have the same settings, it's necessary. The'll use the default settings you configure below.)
- Go to
> Administration > Account Management > LDAP Configuration - Fill in the configuration settings
- Click [Save]
Configuration Settings
- Server Type - Active Directory (default)
- Server URL - The server domain and optional portal. Secure portal #636 is the default.
- For example: our.LDAPserver:998
- Login DN -
- Password -
- Starting Search Directory -
- User DN -
- User DN Filter -
- The (objectCategory=person) and (objectClass=user) parameters do not need to be specified. They are included automatically.
- Group DN -
- Group DN Filter -
- The Group search:
- The (objectCategory=group) parameter does not need to be specified. It is included automatically.
- Default Team -
- Default Access Profile -
- LDAP Attribute for Access Profile -
- The LDAP attribute must contain the role's record ID, not the name of the role.
- Default Application -
- LDAP Attribute for Application -
- The LDAP attribute must contain the role's record ID, not the name of the role.
- Default Role -
- LDAP Attribute for Role - The name of an LDAP field that designates the user's role in the default application.
- The LDAP attribute must contain the role's record ID, not the name of the role.
Tip: To get record IDs, use the following procedure:
- Navigate to the object in question (Access Profiles, Applications, or Roles)
- > Objects > {object}
- Edit the default view or create a new view for your use.
- Modify the view to include the Record ID field.
- View the entries in that object
- Take the record ID from the column you added to the view.
- Navigate to the object in question (Access Profiles, Applications, or Roles)
