Creating and configuring the LDAP profile is the first step towards successful LDAP integration with Clarify. Profiles must contain the LDAP Type, Host URL, Account Name, Password, and Search Base. After providing this information, the actual connection to the Server can be tested.
- Under the LDAP Profiles section, click Add to open the Add LDAP Profile screen, shown here.
- Choose the LDAP Type.
The LDAP Type reflects the type of server to integrate with Clarify; current options include Active Directory or Apache DS. All further configuration steps will apply to the type selected. In the above example, Active Directory has been selected.
- Enter the Host URL.
The Host URL describes the path to the actual LDAP server to communicate with; it must be valid, include the protocol ldap:// before the path, and contain the port number. For example: ldap://YourLdapServer:389
Note: Clarify does not currently support the ldaps:// protocol.
- Enter the Account Name.
Account Name indicates a pre-defined login which Clarify uses to verify a user’s login credentials to the LDAP server. This is often your default LDAP user account with no group memberships and no permissions, and is generally used solely for this purpose.
Note: No modifications are ever made to your LDAP configuration.
- Enter the Password.
The password for the generic Account Name user.
- Enter the Search Base.
The Search Base is used as a reference point when searching for specific groups in the LDAP Server directory; it constrains the search area by establishing the level of the LDAP directory information tree below which all searches operate.
- Enter an optional Search Filter.
The search filter identifies groups on the LDAP server, and allows Clarify to reference this filter against the list of group-to-role mappings. When a logged-in user is identified as a member of one of these Groups, Clarify then knows to apply any roles and permissions that have been assigned. The format of a search filter may look similar to the following example:
(| (objectClass=groupOfUniqueNames)(objectClass=groupOfNames))
There are many variations of this filter; obviously the one used must comply with your LDAP server requirements.
Note: If this field is left blank, Clarify still executes a default search filter.
- Confirm you can connect to the LDAP server by clicking Test Connection. A resulting pass or fail message appears.
A failure could be caused by:
- An LDAP Server that is suspended or not running.
- Incorrect URL, Account Name, or Password.
- Click OK to retain all configuration information.
By default, the profile will be disabled (not an active integration), which is indicated with a red decorator.
Configuration details can be edited, and the connection tested using the available toolbar buttons.
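As an added example (not part of Clarify or its documentation), this Python check validates a profile's fields against the rules above before Test Connection is clicked, so that a failed test can be narrowed to the server, Account Name or Password rather than a malformed Host URL or Search Filter. The dictionary keys and function names are hypothetical.

```python
from urllib.parse import urlsplit

REQUIRED = ("ldap_type", "host_url", "account_name", "password", "search_base")  # hypothetical keys

def host_url_problems(url):
    # Rules from the page: ldap:// scheme (not ldaps://), a server name, an explicit port.
    try:
        parts = urlsplit(url)
        host, port = parts.hostname, parts.port    # ValueError on a non-numeric port
    except ValueError:
        return ["host URL is malformed"]
    checks = [(parts.scheme == "ldaps", "ldaps:// is not supported"),
              (parts.scheme not in ("ldap", "ldaps"), "host URL must start with ldap://"),
              (not host, "host URL has no server name"),
              (port is None, "host URL has no port number")]
    return [msg for failed, msg in checks if failed]

def _filter_end(s, i):
    # Parse one parenthesised filter starting at s[i]; return the index just past it.
    if s[i:i + 1] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if s[i:i + 1] in ("&", "|", "!"):
        i, operands = i + 1, 0
        while s[i:i + 1] in (" ", "("):            # spaces tolerated, as in the page's example
            if s[i] == "(":
                operands += 1
            i = _filter_end(s, i) if s[i] == "(" else i + 1
        if operands == 0:
            raise ValueError("operator with no operands")
    else:
        close = s.find(")", i)                     # simple item: attribute=value
        if close < 0 or "=" not in s[i:close] or "(" in s[i:close]:
            raise ValueError("malformed attribute=value item")
        i = close
    if s[i:i + 1] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return i + 1

def profile_problems(profile):
    problems = [f"{k} is required" for k in REQUIRED if not profile.get(k)]
    problems += host_url_problems(profile["host_url"]) if profile.get("host_url") else []
    flt = profile.get("search_filter", "").strip()  # blank is allowed: a default filter runs
    try:
        if flt and _filter_end(flt, 0) != len(flt):
            problems.append("search filter: text after the closing ')'")
    except ValueError as err:
        problems.append(f"search filter: {err}")
    return problems  # empty list: every field is well-formed
```

The filter check is structural only (parentheses, operators, attribute=value items); whether the filter matches any groups still depends on the LDAP server.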