UCS LDAP Authentication

A simple LDAP Authentication post.  I have no way to verify any of this so I'm hoping it's correct.

LDAP Authentication

Some terms first:
DN - Distinguished Name
OU - Organizational Unit
DC - Domain Component
CN - Common Name
UID - User ID

This section goes over how to configure LDAP authentication. LDAP is similar to SNMP MIBs in its structure: a Distinguished Name is made up of a set of Relative Distinguished Names.

Step 1 - Create an LDAP Provider
There are three fields of note in this tab:
Bind DN: the bind DN is the account used to authenticate to the LDAP server. The format is:
    cn=user,ou=people,dc=example,dc=com
Base DN: the base DN is generally the domain name of the company involved:
    dc=example,dc=com
Filter: generally the filter matches on the user ID:
    sAMAccountName=$userid

Step 2 - Add a Group Rule to the LDAP provider 
Group Authorization: Enable
Group Recursion: Enable
Target Attribute: Leave as 'memberOf'
 

Step 3 - Create an LDAP Provider Group - this step allows the use of multiple providers if needed
Provide a name for the Provider Group and associate the LDAP provider with it

Step 4 - Create LDAP Group Maps - this is where LDAP groups within the AD are mapped to roles and locales
  cn=ucsadmin, ou=people,dc=example,dc=com

Step 5 - Create an LDAP Authentication Domain - A domain is defined here with the Realm set to LDAP.
  Associate the Provider Group and select LDAP for the Realm
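
To see how the filter, the group rule and the group map from Steps 1, 2 and 4 work together, here is an added example (not from the original post and not UCS Manager's own code) that models the lookup offline. The directory entries, the `storage-team` group and the `admin` role name are constructed, and the DN comparison is a simplification that ignores escaped commas.

```python
import re

# Constructed sample directory (not from the post): DN -> attributes.
DIRECTORY = {
    "cn=jdoe,ou=people,dc=example,dc=com": {
        "sAMAccountName": "jdoe",
        "memberOf": ["cn=storage-team,ou=people,dc=example,dc=com"]},
    "cn=guest,ou=people,dc=example,dc=com": {"sAMAccountName": "guest"},
    "cn=storage-team,ou=people,dc=example,dc=com": {
        "memberOf": ["cn=ucsadmin,ou=people,dc=example,dc=com"]},
    "cn=ucsadmin,ou=people,dc=example,dc=com": {"memberOf": []},
}
BASE_DN = "dc=example,dc=com"        # Step 1 base DN
FILTER = "sAMAccountName=$userid"    # Step 1 filter
# Step 4 group map; the role name "admin" is a constructed placeholder.
GROUP_MAPS = {"cn=ucsadmin, ou=people,dc=example,dc=com": "admin"}

def norm_dn(dn):
    """Simplified DN comparison form: lower case, no spaces around , and =."""
    return re.sub(r"\s*([,=])\s*", r"\1", dn.strip().lower())

def build_filter(userid):
    """Substitute $userid, escaping RFC 4515 special characters first."""
    safe = "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in userid)
    return "(" + FILTER.replace("$userid", safe) + ")"

def find_user(userid):
    attr = FILTER.split("=", 1)[0]   # attribute named in the filter
    for dn, attrs in DIRECTORY.items():
        in_base = norm_dn(dn).endswith("," + norm_dn(BASE_DN))
        if in_base and attr in attrs and attrs[attr].lower() == userid.lower():
            return dn
    return None

def groups_of(dn, recursive=True):
    """Collect memberOf values; with recursion, follow nested groups too."""
    seen, todo = set(), list(DIRECTORY[dn].get("memberOf", []))
    while todo:
        group = norm_dn(todo.pop())
        if group not in seen:
            seen.add(group)
            if recursive:
                todo.extend(DIRECTORY.get(group, {}).get("memberOf", []))
    return seen

def roles_for(userid, recursive=True):
    """None if no user matches the filter, else the roles the maps grant."""
    dn = find_user(userid)
    if dn is None:
        return None
    groups = groups_of(dn, recursive)
    return sorted(r for g, r in GROUP_MAPS.items() if norm_dn(g) in groups)
```

With recursion off, `jdoe` gets no role because the `ucsadmin` membership is only reached through a nested group, which is the case the Group Recursion setting in Step 2 covers.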