Standard LDAP Group Security Settings

These setting apply to each of the LDAP Group login protocols.

Principal is the username of the user that will authenticate with the LDAP server (implementation dependant).

The Credentials is the password of the user that will authenticate with the LDAP server.

Search string that specifies the node to start the search from. for example;

DC=subdomain,DC=domainname,DC=com,DC=au

For windows, the LDAP URL will be to your domain controller, for example;

ldap://mydomaincontroller:389

or use Active Directory Global Catalog server, which may be faster to query against depending on your AD topology, in this case use;

ldap://myglobalcatalogserver:3268

User Search Filter statement to use for searching ldap users for authentication for example;

(uid={0}) or (sAMAccountName={0})

The system user distinguished name (DN) to connect to the LDAP server as (implementation dependant) User DN string example:

cn=Administrator,cn=users,dc=company,dc=com,dc=au

Group Role Attribute name under group DN which describes the role id or name (e.g. cn)

Group Search Filter, Group filter statement to check if user is a member (i.e. user exists in that group) e.g.

member={0})

This should be the element or attribute, under the group object in the LDAP structure, which displays the members of the group.

cn=administrators,cn=groups,dn=comnay,dn=com,dn=au

member=cn=James Anderson,cn=users,dn=domain,dn=com,dn=au

.... more attributes......


Kerberos (Active Directory) Login