Installation and Administration Guide

LDAP User Setting

In this section, enter information that tells the platform where to look for users in the LDAP server. The first three fields are LDAP user attributes that map the search to the correct attributes in the server.

Username LDAP Attribute—Enter the attribute that the platform should treat as the username.

RDN LDAP Attribute—Enter the main identifier attribute, which is part of the DN and is meant to uniquely identify the user within the given LDAP path (search base). It is typically uid, dn, or cn.

UUID LDAP Attribute—Enter the attribute that holds the universally unique identifier of a user. This is a globally unique string of 16 octets (128-bit).

The User Object Classes to use depend on the schema of your LDAP server. For example:

  • posixAccount for an nis.schema

  • inetOrgPerson for an inetorgperson.schema

  • organizationalPerson for a core.schema

In Users Search Base, enter the location in the LDAP directory where the search for a particular directory object begins. It is denoted as the distinguished name of the search base directory object. For example: CN=Users,DC=domain,DC=com

Select One Level or Subtree. "One Level" means that all users must have the same path and differ only in the RDN part of their DN. Conversely, "Subtree" means that the platform also searches all entries beneath the base path. For example, when the base path is cn=users,dc=example,dc=com, it also searches cn=externalUsers,cn=users,dc=example,dc=com.
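
The following added example (not part of the product or this guide) shows which user DNs fall inside each search scope for the base path above, which is useful for checking what a switch to Subtree would newly expose to login. The function names and sample DNs are constructed for illustration, and DN handling is simplified as noted in the comments.

```python
# Added illustration, not product code. Simplified DN handling: no multi-valued
# RDNs ("+"), and attribute values are assumed to compare case-insensitively.

def split_dn(dn):
    """Split a DN into (attribute, value) pairs, honoring backslash escapes."""
    parts, buf, escaped = [], [], False
    for ch in dn:
        if escaped:                 # character after a backslash is literal
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            buf.append(ch)
            escaped = True
        elif ch == ",":             # unescaped comma separates RDNs
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    rdns = []
    for part in parts:
        attr, sep, value = part.strip().partition("=")
        if not sep:
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def in_scope(entry_dn, base_dn, scope):
    """Return True if entry_dn would be searched from base_dn under scope."""
    entry, base = split_dn(entry_dn), split_dn(base_dn)
    depth = len(entry) - len(base)
    if depth < 0 or entry[depth:] != base:
        return False                # not under the search base at all
    if scope == "one_level":
        return depth == 1           # differs from the base only by its own RDN
    if scope == "subtree":
        return True                 # any depth beneath (or at) the base
    raise ValueError(f"unknown scope: {scope!r}")

BASE = "cn=users,dc=example,dc=com"
SAMPLE_DNS = [                      # constructed sample entries
    "uid=alice,cn=users,dc=example,dc=com",
    "uid=bob,cn=externalUsers,cn=users,dc=example,dc=com",
    r"cn=Smith\, John,CN=Users,DC=Example,DC=com",
    "uid=svc,cn=services,dc=example,dc=com",
]

def matching(scope):
    return [dn for dn in SAMPLE_DNS if in_scope(dn, BASE, scope)]
```

Comparing `matching("one_level")` with `matching("subtree")` lists the accounts that only become visible under Subtree, here the entry under cn=externalUsers.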