Creating and configuring the LDAP profile is the first step towards successful LDAP integration with Clarify. Profiles must contain the LDAP Type, Host URL, Account Name, Password, and Search Base. After providing this information, the actual connection to the server can be tested.
- Under the LDAP Profiles section, click Add to open the Add LDAP Profile screen, shown here.
- Choose the LDAP Type.
The LDAP Type reflects the type of server to integrate with Clarify; current options include Active Directory and Apache DS. All further configuration steps will apply to the type selected. In the above example, Active Directory has been selected.
- Enter the Host URL.
The Host URL describes the path to the actual LDAP server to communicate with; it must be valid, include the protocol ldap:// before the path, and contain the port number. For example:
ldap://YourLdapServer:389
Note: Clarify does not currently support the ldaps:// protocol.
- Enter the Account Name.
Account Name indicates a pre-defined login which Clarify uses to verify a user’s login credentials to the LDAP server. This is often your default LDAP user account with no group memberships and no permissions, and is generally used solely for this purpose.
Note: No modifications are ever made to your LDAP configuration.
- Enter the Password.
The password for the generic Account Name user.
- Enter the Search Base.
The Search Base is used as a reference point when searching for specific groups in the LDAP server directory; it constrains the search area by establishing the level of the LDAP directory information tree below which all searches operate.
- Enter an optional Search Filter.
The search filter identifies groups on the LDAP server, and allows Clarify to reference this filter against the list of group-to-role mappings. When a logged-in user is identified as a member of one of these groups, Clarify then knows to apply any roles and permissions that have been assigned. The format of a search filter may look similar to the following example:
(| (objectClass=groupOfUniqueNames)(objectClass=groupOfNames))
There are many variations of this filter; the one used must comply with your LDAP server's requirements.
Note: If this field is left blank, Clarify still executes a default search filter.
- Confirm you can connect to the LDAP server by clicking Test Connection. A resulting pass or fail message appears.
Possible causes of failure include:
- An LDAP Server that is suspended or not running.
- Incorrect URL, Account Name, or Password.
- Click OK to retain all configuration information.
The new profile appears under the LDAP Profiles section, and the information just entered in the steps above is populated in the Profile Details section.
By default, the profile will be disabled (not an active integration), which is indicated with a red decorator.
Configuration details can be edited, and the connection tested, using the available toolbar buttons.
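A pre-flight check for the Host URL and Search Filter values described in the steps above, as an added Python example that is not part of Clarify or its documentation. The function names are hypothetical, and the filter grammar is a simplified one that tolerates spaces between components; both are assumptions of this example.

```python
import re
from urllib.parse import urlsplit
# attribute, operator, value; extensible-match (":=") filters are not handled here
ITEM = re.compile(r"[A-Za-z][A-Za-z0-9.;-]*(?:=|~=|>=|<=)[^()]*")

def check_host_url(url):
    """Problems with a Host URL under this page's rules (empty list means OK)."""
    parts, problems = urlsplit(url), []
    if parts.scheme != "ldap":
        problems.append("ldaps:// is not supported" if parts.scheme == "ldaps"
                        else "must start with ldap://")
    if not parts.hostname:
        problems.append("missing host")
    try:
        if parts.port is None:
            problems.append("missing port number")
    except ValueError:  # non-numeric or out-of-range port
        problems.append("invalid port number")
    return problems

def check_filter(text):
    """Return None if text is a well-formed search filter, else the first error."""
    def skip(i):  # index of the next non-space character at or after i
        return len(text) - len(text[i:].lstrip(" "))
    def parse(i):  # parse one "(...)" group at i; return the index just past it
        i = skip(i)
        if text[i:i + 1] != "(":
            raise ValueError(f"expected '(' at position {i}")
        i += 1
        if text[i:i + 1] in ("&", "|", "!"):
            op, i, count = text[i], i + 1, 0
            while text[skip(i):skip(i) + 1] == "(":
                i, count = parse(i), count + 1
            if count == 0 or (op == "!" and count != 1):
                raise ValueError(f"'{op}' has the wrong number of sub-filters")
            i = skip(i)
        else:
            match = ITEM.match(text, i)
            if not match:
                raise ValueError(f"expected attribute=value at position {i}")
            i = match.end()
        if text[i:i + 1] != ")":
            raise ValueError(f"expected ')' at position {i}")
        return i + 1
    try:
        end = skip(parse(0))
    except ValueError as err:
        return str(err)
    return None if end == len(text) else f"unexpected text at position {end}"
```

Running both checks before clicking Test Connection separates a malformed value from the server-side failures listed above.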