LDAP Account Source is used to add LDAP as a source of accounts in TAG. It doesn't import accounts automatically; it makes the accounts available for authentication and for import. To import an account, go to Accounts and add an External Account.
Before configuring an LDAP Account Source you will need to have an LDAP Connection. The connection will be used to access and authenticate to LDAP.
Configuration | Description |
---|---|
Connection | LDAP connection to be used as the source of accounts. |
This configuration is used to search for and retrieve user information from LDAP, and also to authenticate users at runtime.
Configuration | Description |
---|---|
Base DN (Distinguished Name) | The User Base DN is the starting point in the hierarchy at which your user search will begin, e.g. ou=people,ou=system |
Filter | Search filters enable you to define search criteria for finding users. {username} is the variable that will be replaced at runtime with the username of the user logging in. The uid is the LDAP username attribute containing the username data. For example: (&(objectclass=person)(uid={username})) |
Subtree Search | If true, the search will be done in the subtree as well. |
Username Attribute | This is the username attribute in LDAP. |
Full name Attribute | This is the full name attribute in LDAP. |
Email Attribute | This is the email attribute in LDAP. |
This optional configuration is used to search for and retrieve role information from LDAP. You can add the role configuration by clicking at:
Then fill the configuration based on the descriptions below:
Configuration | Description |
---|---|
Base DN | The Role Base DN is the starting point in the hierarchy at which your role search will begin. |
Filter | Search filters enable you to define search criteria for finding roles. {dn} is the variable that will be replaced at runtime with the Distinguished Name (DN) of the user. "member" is the property in the group that points to the users assigned to that role. This is configurable in the filter. For example: (member={dn}) |
Attribute Id | This is the role id attribute in LDAP. |
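
The {username} and {dn} placeholders described above are substituted into a search filter at runtime, so a value containing `*`, `(`, `)` or `\` has to be escaped as RFC 4515 requires if it is to stay data rather than filter syntax. The following is an added example, not TAG's own code, that renders the two example filters from the tables this way, for instance to check a filter with your own tooling before entering it in TAG. `escape_filter_value`, `render_filter` and `same_structure` are hypothetical helper names, and the sample values in the comments are constructed.

```python
import re

# Filter templates copied from the configuration tables on this page.
USER_FILTER = "(&(objectclass=person)(uid={username}))"
ROLE_FILTER = "(member={dn})"

# RFC 4515 section 3: these characters must be written as \XX in an assertion value.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}
_PLACEHOLDER = re.compile(r"\{(\w+)\}")


def escape_filter_value(value: str) -> str:
    """Escape a value so it can only be data inside an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def render_filter(template: str, **values: str) -> str:
    """Fill every {name} placeholder in one pass with the escaped value."""
    def substitute(match: re.Match) -> str:
        name = match.group(1)
        if name not in values:
            raise KeyError(f"no value supplied for {{{name}}}")
        return escape_filter_value(values[name])

    return _PLACEHOLDER.sub(substitute, template)


def same_structure(template: str, rendered: str) -> bool:
    """True if substitution added no filter parentheses of its own."""
    return (template.count("(") == rendered.count("(")
            and template.count(")") == rendered.count(")"))


if __name__ == "__main__":
    # Constructed sample values: a plain login, a bare wildcard, and a DN
    # whose RDN contains a DN-escaped comma (the backslash must be escaped).
    print(render_filter(USER_FILTER, username="jdoe"))
    print(render_filter(USER_FILTER, username="*"))
    print(render_filter(ROLE_FILTER, dn=r"cn=Smith\, John,ou=people,ou=system"))
```

A login name of `*` renders as `uid=\2a`, which matches only an entry whose uid is literally an asterisk instead of every entry under the Base DN.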
TAG helps you test your LDAP Account Source by providing a Test Window where you can try different configurations until you get it right.
You can open the Test Window by clicking Test:
This window will show up and you can adjust your configuration until you get the expected results.
Logs will be available after you click TEST. If any issues happen because of a bad configuration, you can use the logs to troubleshoot the problem. A common issue is "Failed to initialize LDAP connection"; this may be due to an issue with your LDAP Connection configuration or a problem with your LDAP Server.