Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral, industry-standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. This page describes how TAG administrators can create connections to an LDAP server such as OpenLDAP, Microsoft Active Directory, Netscape Directory Server or Novell eDirectory. TAG uses LDAP as a source of Accounts and Claims; see Account Sources and Claim Sources for details.
To create a connection to LDAP, the following general settings are needed.
Configuration | Description |
---|---|
Description | The description of your LDAP server. |
Host | The host of your LDAP server. |
Port | The default port for many LDAP servers is 389. When TLS/SSL is used, the port is often changed to 636. |
Use SSL | Allows Secure Sockets Layer (SSL) to be turned on and off. |
Use TLS | Allows Transport Layer Security (TLS) to be turned on and off. |

It is recommended to first try port 389 with TLS and SSL disabled. If Connection Refused appears, try port 636 with TLS enabled. If neither works, contact the LDAP system administrator to request the correct host, port and TLS/SSL settings. Note that a bind over port 389 with TLS and SSL disabled sends the Bind Credentials to the server in cleartext, so use that setting only for initial troubleshooting.
Connection pooling can offer a significant performance boost: initializing an LDAP connection is expensive, so TAG keeps a pool of connections ready to be used. In this section you configure the minimum and maximum number of connections the gateway keeps in the pool.

Configuration | Description | Default |
---|---|---|
Min Size | Minimum size for the pool of connections. | 3 |
Max Size | Maximum size for the pool of connections. | 10 |
This is the authentication configuration used to access your LDAP server.

Configuration | Description |
---|---|
Bind DN (Distinguished Name) | The full distinguished name of the user authenticating to the LDAP Directory, e.g. uid=admin,ou=system |
Bind Credentials | The password of the user authenticating to the LDAP Directory. |

Some development LDAP environments do not require authentication, so for development purposes it is fine not to provide these values.
Validation checks whether a connection is healthy enough to be part of the pool. Validation can happen in several phases, and you choose in which phases connections are checked.

Configuration | Description |
---|---|
On Borrow | If true, connections are validated before being handed out from the pool. If validation fails, the connection is destroyed and another connection is retrieved from the pool (and validated). |
On Return | If true, connections are validated before being returned to the pool. If validation fails, the connection is destroyed instead of being returned to the pool. |
While Idle | If true, idle connections are validated by the idle connection evictor (if any). If validation fails, the connection is destroyed and removed from the pool. |
Base DN (Distinguished Name) | The Base DN is the starting point in the hierarchy at which the search begins. A search is performed on each validation. e.g. ou=people,o=supertribe |
Filter | The filter defines the search criteria for finding an entry. It is used in the search performed on each validation. e.g. (objectClass=person) |
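The three validation phases above, modelled in Python as an added illustration (this is not TAG's own code): FakeLdapConnection stands in for a real LDAP client, its `healthy` flag is a constructed value that decides whether the validation search succeeds, and Min Size is assumed to count idle plus in-use connections.

```python
class FakeLdapConnection:
    # Constructed stand-in for a real LDAP client; `healthy` decides whether a search works.
    def __init__(self, healthy=True):
        self.healthy = healthy

    def search(self, base_dn, search_filter):
        return self.healthy  # a real client would run the search against the server


class ValidatedPool:
    def __init__(self, min_size=3, max_size=10, on_borrow=True, on_return=False,
                 while_idle=False, base_dn="ou=people,o=supertribe", search_filter="(objectClass=person)"):
        self.min_size, self.max_size = min_size, max_size
        self.on_borrow, self.on_return, self.while_idle = on_borrow, on_return, while_idle
        self.base_dn, self.search_filter = base_dn, search_filter
        self.idle, self.in_use, self.destroyed = [], [], 0
        self._fill()

    def _fill(self):
        while len(self.idle) + len(self.in_use) < self.min_size:  # honour Min Size (assumed: total)
            self.idle.append(FakeLdapConnection())

    def _validate(self, conn):
        return conn.search(self.base_dn, self.search_filter)  # every validation is a Base DN + Filter search

    def borrow(self):
        while True:
            if not self.idle:
                if len(self.in_use) >= self.max_size:
                    raise RuntimeError("pool exhausted (Max Size reached)")
                self.idle.append(FakeLdapConnection())
            conn = self.idle.pop(0)
            if self.on_borrow and not self._validate(conn):
                self.destroyed += 1      # On Borrow: destroyed, the next connection is tried
                continue
            self.in_use.append(conn)
            return conn

    def give_back(self, conn):
        self.in_use.remove(conn)
        if self.on_return and not self._validate(conn):
            self.destroyed += 1          # On Return: destroyed instead of re-entering the pool
        else:
            self.idle.append(conn)

    def evict_idle(self):
        if self.while_idle:  # While Idle: the idle evictor re-checks idle connections
            keep = [c for c in self.idle if self._validate(c)]
            self.destroyed += len(self.idle) - len(keep)
            self.idle = keep
        self._fill()
```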
To test your LDAP connection, go to the LDAP Account Sources or LDAP Claim Sources configuration page. There you can test the connection and troubleshoot possible issues.