LDAP authentication
- Name – An internal name used for identifying the particular authentication provider configuration.
- Domains – The domain names of the LDAP server. If Strict domain validation is not enabled and the user tries to authenticate without entering a domain in the credentials, SAFEQ Cloud will attempt to authenticate with all the domains in the list (in the order they are defined). Specifying the correct domain name is especially important when using the Strict domain validation feature, as it is otherwise not possible to detect which domain a user belongs to.
- Priority – A number that determines the order in which authentication providers will be called until one succeeds. Higher-priority providers will be called first.
- Active – If enabled, this authentication provider will be used for authentication. If disabled, this authentication provider will not be searched.
- Base DN – The point in the LDAP where searching will begin. It applies to both user and group searching if Group Base DN is empty.
- Group Base DN – An optional, separate starting point for LDAP group searching. If omitted, the Base DN is used for group search.
- Server name – The actual address (DNS, hostname or IP) of the LDAP server to which SAFEQ Cloud Authentication Service will connect to search.
- Port – Port used for the LDAP service, typically 389 for non-SSL and 636 for SSL.
- Username – Username used to connect and search in the LDAP.
- Password – Password used to connect and search in the LDAP.
- OUs or groups – Choose how to identify groups for access control management. The default is “Groups”.
- Bind type – Whether to bind with Plain connection, MD5 digest, or Kerberos.
- Enable SSL – Whether connection to LDAP should use SSL encryption.
- Custom attributes – Expand custom attributes to change the LDAP attributes in which usernames, card IDs, ShortIDs and similar are stored.
- Service – Which Authentication Service will communicate with this LDAP server. If no service is created, it can be added using the Add button.
Note. If you have multiple Active Directory servers, point authentication to the primary domain.
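
The following pre-deployment check is an added example, not part of SAFEQ Cloud or its documentation. It reviews the Port, Bind type, Enable SSL, Domains and Base DN settings described above for combinations that weaken the connection. The dict layout, the key names and the `strict_domain` flag are assumptions made for illustration, and the sample values are constructed.

```python
# Added example: keys mirror the settings on this page, but the dict layout
# is an assumption and not a SAFEQ Cloud export format.

def audit_ldap_provider(cfg):
    """Return a list of (severity, message) findings for one provider config."""
    findings = []
    ssl = bool(cfg.get("enable_ssl", False))
    port = cfg.get("port")
    bind = cfg.get("bind_type", "Plain")

    # A Plain bind carries the bind password as-is; without SSL it is readable on the wire.
    if bind == "Plain" and not ssl:
        findings.append(("high", "Plain bind without SSL sends the bind password in cleartext"))
    # DIGEST-MD5 was moved to Historic status by RFC 6331.
    if bind == "MD5 digest":
        findings.append(("medium", "MD5 digest bind is obsolete (RFC 6331)"))
    # The page gives 389 as the typical non-SSL port and 636 as the typical SSL port.
    if ssl and port == 389:
        findings.append(("info", "SSL is enabled but the port is 389; 636 is typical for SSL"))
    if not ssl and port == 636:
        findings.append(("medium", "Port 636 is set but Enable SSL is off"))
    # Strict domain validation needs a domain list to decide which domain a user belongs to.
    if cfg.get("strict_domain") and not cfg.get("domains"):
        findings.append(("high", "Strict domain validation is on but no domains are listed"))
    if not cfg.get("base_dn"):
        findings.append(("medium", "Base DN is empty; searches have no defined starting point"))
    return findings

# Constructed sample configurations (not taken from a real deployment).
WEAK = {
    "name": "corp-ldap", "domains": [], "strict_domain": True,
    "base_dn": "DC=example,DC=com", "server_name": "ldap.example.com",
    "port": 389, "bind_type": "Plain", "enable_ssl": False,
}
HARDENED = {
    "name": "corp-ldap", "domains": ["example.com"], "strict_domain": True,
    "base_dn": "DC=example,DC=com", "server_name": "ldap.example.com",
    "port": 636, "bind_type": "Kerberos", "enable_ssl": True,
}

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        results = audit_ldap_provider(cfg)
        print(label, "->", results if results else "no findings")
```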