Page History
...
- the LDAP Server product has to be installed and has to be accessible for JOC Cockpit,
- settings are required for configuration in a Simple Mode and Expert Mode.
Simple Mode Configuration
This configuration mode is intended for for users who are looking for authentication (not: authorization) with LDAP:
Explanation:
LDAP Server Host
: Expects the hostname or IP address of the LDAP Server host. If TLS/SSL protocols are used then the Fully Qualified Domain Name (FQDN) of the host has to be used for which the LDAP Server SSL certificate is issued.LDAP Protocol
: The LDAP Protocol can be Plain Text, TLS or SSL. Plain Text is not recommended as the user account and password will be sent through the network without encryption. TLS and SSL protocols are considered being secure as they encrypt the connection to the LDAP Server.LDAP Server Port
: The port that the LDAP Server is listening to. For Plain Text and TLS connections frequently port389
is used, for SSL connections port636
is a frequent option.LDAP Server is Active Directory
: This setting simplifies the configuration if the LDAP Server is implemented by Active Directory. A number of attributes for user search and group search are automatically assumed if Active Directory is used.LDAP Server offers sAMAccountName attribute
: ThesAMAccountName
attribute is the unique identifier of a user account. This attribute frequently is available with LDAP Servers of type Active Directory.LDAP Server offers memberOf attribute
: ThememberOf
attribute simplifies the search for Security Groups for which the user account has membership. This attribute frequently is available with LDAP Servers of type Active Directory, however, other LDAP products similarly can implement this attribute.LDAP Search Base
: TheSearch Base
for looking up user accounts in the hierarchy of LDAP Server entries, for exampleOU=Operations,O=IT,O=Users,DC=example,DC=com
.LDAP User Search Filter
: TheUser Search Filter
specifies an LDAP query that is used to identify the user account in the hierarchy of LDAP entries.
...
The remaining settings in this mode look like this:
x
Explanation:
LDAP Server URL
: The LDAP Server URL specifies the protocol, e.g.ldap://
for Plain Text and TLS connections,ldaps://
for SSL connections. The protocol is added the hostname (FQDN) and port of the LDAP Server.LDAP Start TLS
: This switch makes TLS the protocol for the connection to the LDAP Server.LDAP Host Name Verification
: This switch has to be active to check if hostnames in theLDAP Server URL
and in the LDAP Server certificate match.
Further Resources
The following articles provide detailed information about configuration of an LDAP Identity Service:
Display children header |
---|
Overview
Content Tools