Setting up LDAP authentication requires a few LDAP customization keys to be updated in your Customization Manager. All keys are located at Web Interface | LDAP, except for WebAuthType, which is located at Web Interface | Authentication.
| Key | Description |
|---|---|
| LDAPBindStyle | OneStep performs one or more binds to find the user, while TwoStep does an initial bind to allow ILLiad to search the directory and then searches for that user. Example: OneStep or TwoStep |
| LDAPInitialBindDN | Used only for TwoStep LDAP, where this is the initial bind that authenticates ILLiad to search for the user attempting to register or log in. Example: cn=ldapquery,ou=users,o=Atlas,c=US |
| LDAPInitialBindPassword | Used only for TwoStep LDAP; the password for the LDAPInitialBindDN. Example: ldapquerypassword |
| LDAPPortNo | The port used for connecting to the LDAP server (389 by default for regular LDAP, 636 by default for SSL). Example: 389 |
| LDAPSearchFilter | Used only for TwoStep LDAP, where the initial authentication is a bind and ILLiad then performs a search for the potential ILLiad user. Determines the user's DN from the UserID given on the login form. Example: (uid=$uid) or (sAMAccountName=$uid) |
| LDAPSearchPrefix | String around which the ILLiad username is placed in order to bind with the LDAP server. Used only for OneStep LDAP; it is the prefix to the bind used to find the potential ILLiad user. Example: uid= |
| LDAPSearchScope | Used only for TwoStep LDAP and should rarely need to be changed from SubTree. Example: SubTree |
| LDAPSearchSuffix | String around which the ILLiad username is placed in order to bind with the LDAP server. Used for both OneStep and TwoStep LDAP, but in slightly different ways. See details below. Example: o=Atlas,c=US |
| LDAPSecureSSL | If set to Yes, ILLiad uses the LDAPSecureSSLPort and not the LDAPPortNo value. Example: Yes or No |
| LDAPSecureSSLPort | Only used if LDAPSecureSSL is set to Yes. The default value for most LDAP servers is 636. Example: 636 |
| LDAPServerName | The name or IP address of the LDAP server. Example: ldap.atlas-sys.com |
| LDAPVersion | Tells ILLiad which version of LDAP to connect to. Most servers use version 2 or 3. Example: 2 or 3 |
| WebAuthType | Tells ILLiad to use LDAP authentication. Example: LDAP |
LDAPSearchSuffix is used by both OneStep and TwoStep LDAP, but in slightly different ways. For OneStep LDAP, the suffix is either a single suffix or a pipe-separated list of different suffixes for ILLiad to attempt to use for a bind. The entire bind would involve the values from: LDAPSearchPrefix + username + , + LDAPSearchSuffix
If that bind fails, ILLiad will attempt the same combination but with the second LDAPSearchSuffix in the customization key. For TwoStep LDAP, ILLiad uses the LDAPSearchFilter to search in the LDAPSearchSuffix and any subtrees under that location in the LDAP directory. Most sites using TwoStep set this value fairly high in the directory to allow for searching in multiple subtrees for a match, but that may vary based on who is allowed to use ILLiad.
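
The following is an added illustration, not ILLiad's own code, of how the keys combine: the OneStep candidate bind DNs built from the prefix, the username and each pipe-separated suffix, and the TwoStep filter with `$uid` substituted. Escaping the login-form value per RFC 4514 (DN) and RFC 4515 (filter) is an assumption about how a careful LDAP client treats user input; the function names and the first suffix in the list are constructed.

```python
# Added illustration; not ILLiad code. Values are the page's examples,
# except the first suffix, which is constructed to show a pipe-separated list.
CONFIG = {
    "LDAPSearchPrefix": "uid=",
    "LDAPSearchSuffix": "ou=staff,o=Atlas,c=US|o=Atlas,c=US",
    "LDAPSearchFilter": "(uid=$uid)",
}

# RFC 4515: characters that change a filter's structure are hex-escaped.
FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)


def escape_dn_value(value):
    """Escape an attribute value for use inside a DN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\0":
            out.append("\\00")
        elif ch in ',+"\\<>;=':
            out.append("\\" + ch)
        elif (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def onestep_bind_dns(username, config=CONFIG):
    """OneStep: prefix + username + ',' + each suffix, in the order tried."""
    rdn = config["LDAPSearchPrefix"] + escape_dn_value(username)
    suffixes = [s.strip() for s in config["LDAPSearchSuffix"].split("|")]
    return [rdn + "," + s for s in suffixes if s]


def twostep_filter(username, config=CONFIG):
    """TwoStep: substitute the escaped username for $uid in the filter."""
    return config["LDAPSearchFilter"].replace("$uid", escape_filter_value(username))


if __name__ == "__main__":
    print(onestep_bind_dns("jsmith"))
    print(twostep_filter("jsmith"))
```

Without the escaping step, a login value containing `,` or `*` would alter the DN or widen the filter rather than name a single user.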