LDAP Authentication: Customizing Settings


Setting up LDAP authentication requires a few LDAP customization keys to be updated in your Customization Manager. All keys are located at Web Interface | LDAP except for WebAuthType, which is located at Web Interface | Authentication.

LDAPBindStyle

OneStep performs one or more binds to find the user while TwoStep does an initial bind to allow ILLiad to search the directory and then searches for that user. Example: OneStep or TwoStep

LDAPInitialBindDN

Used only for TwoStep LDAP. This is the DN for the initial bind that authenticates ILLiad so it can search for the user attempting to register or log in. Example: cn=ldapquery,ou=users,o=Atlas,c=US

LDAPInitialBindPassword

Used only for TwoStep LDAP and is the password for the LDAPInitialBindDN. Example: ldapquerypassword

LDAPPortNo

The port used for connecting to the LDAP server (389 by default for regular LDAP; 636 by default for SSL). Example: 389

LDAPSearchFilter

Used only for TwoStep LDAP where the initial authentication is a bind and ILLiad then performs a search for the potential ILLiad user. Determines the user's DN from the UserID given on the login form. Example: (uid=$uid) or (sAMAccountName=$uid)

LDAPSearchPrefix

String around which the ILLiad username is placed in order to bind with the LDAP server. Used only for OneStep LDAP and is the prefix to the bind used to find the potential ILLiad user. Example: uid=

LDAPSearchScope

Used only for TwoStep LDAP and should rarely need to be changed from SubTree. Example: SubTree

LDAPSearchSuffix

String around which the ILLiad username is placed in order to bind with the LDAP server. Used for both OneStep and TwoStep LDAP but in slightly different ways. See details below. Example: o=Atlas,c=US

LDAPSecureSSL

If set to Yes, ILLiad uses the LDAPSecureSSLPort and not the LDAPPortNo value. Example: Yes or No

LDAPSecureSSLPort

Only used if LDAPSecureSSL is set to Yes. The default value for most LDAP servers is 636. Example: 636

LDAPServerName

The name or IP address of the LDAP server. Example: ldap.atlas-sys.com

LDAPVersion

Tells ILLiad which version of LDAP to connect to. Most servers use version 2 or 3. Example: 2 or 3

WebAuthType

Tells ILLiad to use LDAP authentication. Example: LDAP

 

LDAPSearchSuffix is used by both OneStep and TwoStep LDAP but in slightly different ways. For OneStep LDAP the suffix is either a single suffix or a pipe-separated list of different suffixes for ILLiad to attempt to use for a bind. The entire bind would involve the values from: LDAPSearchPrefix + <username> + , + LDAPSearchSuffix

If that bind fails, ILLiad will attempt the same combination but with the second LDAPSearchSuffix in the customization key. For TwoStep LDAP, ILLiad uses the LDAPSearchFilter to search in the LDAPSearchSuffix and any subtrees under that location in the LDAP directory. Most sites using TwoStep set this value fairly high in the directory to allow for searching in multiple subtrees for a match, but that may vary based on who is allowed to use ILLiad.
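The following added example (not ILLiad's own code) shows how the keys described above combine: the ordered OneStep bind DNs built from LDAPSearchPrefix and a pipe-separated LDAPSearchSuffix, and the TwoStep filter produced by replacing $uid in LDAPSearchFilter. The function names, the second suffix and the RFC 4514/4515 escaping of the UserID are assumptions made for this illustration; the escaping shows what to verify about how login input reaches the directory.

```python
# Added illustration: how the OneStep and TwoStep keys combine into bind DNs
# and a search filter. Key names come from the article; the escaping helpers
# are an assumption about safe handling, not a description of ILLiad internals.

def escape_dn_value(value: str) -> str:
    """Escape a string for use as an RDN attribute value (RFC 4514)."""
    out = []
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in '"+,;<>\\':
            out.append("\\" + ch)
        elif ch == "#" and i == 0:
            out.append("\\#")
        elif ch == " " and i in (0, len(value) - 1):
            out.append("\\ ")
        else:
            out.append(ch)
    return "".join(out)


def escape_filter_value(value: str) -> str:
    """Escape a string for use inside a search filter (RFC 4515)."""
    special = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}
    return "".join(special.get(ch, ch) for ch in value)


def onestep_bind_dns(prefix: str, username: str, suffixes: str) -> list:
    """LDAPSearchPrefix + username + "," + each pipe-separated LDAPSearchSuffix,
    in the order the binds would be attempted."""
    user = escape_dn_value(username)
    return [f"{prefix}{user},{s.strip()}" for s in suffixes.split("|") if s.strip()]


def twostep_filter(search_filter: str, username: str) -> str:
    """Substitute the login-form UserID for $uid in LDAPSearchFilter."""
    return search_filter.replace("$uid", escape_filter_value(username))


if __name__ == "__main__":
    # Constructed sample values; the second suffix is hypothetical.
    suffixes = "o=Atlas,c=US|ou=staff,o=Atlas,c=US"
    for dn in onestep_bind_dns("uid=", "jsmith", suffixes):
        print("OneStep bind DN:", dn)
    print("TwoStep filter:", twostep_filter("(uid=$uid)", "jsmith"))
    # A UserID containing a wildcard stays a literal value after escaping.
    print("TwoStep filter:", twostep_filter("(uid=$uid)", "jsmith*"))
```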
