Versions Compared

Old Version 1

changes.mady.by.user The Force

Saved on

compared with

New Version Current

changes.mady.by.user The Force

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Published by Scroll Versions from space DOC and version 8.2.0-8.2.1

...

  1. Configure the LDAP server using the 6connect ProVision LDAP Schema
  2. Create the LDAP user(s) in a 'LDIF' file ( testing the query using LDAP Search, if desired)
  3. Configure ProVision with the LDAP authentication settings by enabling LDAP then entering (at minimum) the following information
    1. LDAP Server Address
    2. Port
    3. LDAP Auth DN List
    4. LDAP Fetch DN
    5. LDAP Group Attribute

...

To configure the use of LDAP authentication with ProVision:

  1. Log into 6connect ProVisioninto ProVision
  2. Go to Settings Tab → Admin Settings -> Authentication
  3. Select "LDAP" under "Authentication Options"
  4. Move the LDAP Enable selector to the "ON" position.
  5. Fill in the hostname or ip address, authentication port, LDAP Security, Auth DN List, and Fetch DN, and LDAP Group Attribute.

    1. Example values in this case would be: 

      • LDAP Enable: (Checked)
      • LDAP Server Address:  IP or Domain, such as 1.2.3.4 or somelabserver.lab.com
      • LDAP Port:  389 ( or SSL/TLS port is 636)
      • LDAP Security:  None
      • LDAP Auth DN:  cn=%LOGIN%,dc=6connect,dc=com
      • LDAP Fetch DN:  cn=%LOGIN%
      • LDAP Group Attribute:  memberOf
      • LDAP Username / LDAP Password: Optionally, you may enter LDAP admin credentials to allow ProVision to import and sync LDAP contacts. See Contact Manager for details on LDAP contacts.
  6. Click "Test Server" to verify the connection.
    1. NOTE: If you experience authentication errors at this step, confirm the LDAP settings using an LDAP Search, as described in the previous section.

...

Note
titleUsing SSL encryption

To use SSL encryption with LDAP, the ldap.conf file must be correctly configured on the ProVision server.

Typically, the LDAP configuration file is kept at "/etc/ldap/ldap.conf".  Make sure the following line is present:

    TLS_REQCERT allow

and restart the webserver. 

 

Add or Update LDAP Settings

...

  • LDAP Enable: Check the box to enable LDAP functionality.
  • LDAP Server Address: The IP address or domain of your LDAP server.
  • LDAP Port: 389 ( or SSL/TLS port is 636)
  • LDAP Security: Select the security method of your LDAP server - SSL, TLS or None
  • Test Server: Click to test the connection to the LDAP server.
  • LDAP Auth DN List: A query string that will be used to authenticate the user against the LDAP server.   %LOGIN% is a variable string that will be replaced with the user name.  This may be in list format, and the auth system will try each to authenticate the user. (ex: cn=%LOGIN%,ou=people,dc=6connect,dc=com)
  • LDAP Fetch DN: The LDAP query that will be used to pull the user object
  • LDAP Group Attribute:The LDAP attribute that will hold the LDAP-GNI group links. If using an internal list of user groups instead of 6connect ProVision groups, enter the attribute name for the LDAP groups here. If a Group Attribute is set, it will be used first, otherwise the 6connect ProVision schema will be used.
  • LDAP Username / LDAP Password: Optionally, you may enter LDAP admin credentials to allow ProVision to import and sync LDAP contacts. See Contact Manager for details on LDAP contacts.

...

  • NOTE: Mapping Permissions to 6connect ProVision schema: To integrate 6connect ProVision permissions with your existing directory structure then you will need the 6connect ProVision schema. It should snap in with any existing LDAP structure and allow you to assign 6connect ProVision permissions to your existing users. You can download a copy of the schema.

...