Configuring LDAP authentication in Adeptia Connect
- Akash Kumar Jaiswal
You must configure Adeptia Connect for LDAP authentication to allow LDAP users to access Adeptia Connect. This page also lists the steps for configuring Adeptia Connect for secured LDAP.
Prerequisites
- Installed LDAP Server.
- Administrative rights in Adeptia Connect to enable LDAP Authentication and Authorization.
- Adeptia Connect is certified with Windows Active Directory and OpenLDAP server.
- TLSv1.2 should be enabled on the LDAP server (in case of secured LDAP).
Configuring LDAP properties
- Click Accounts > Settings.
- Expand the Server Node Settings in the left panel.
- Select the server node.
- Click Edit.
- Expand Systems > LDAP Authentication.
Configure the LDAP Authentication properties.
Property Name
Description
abpm.ldap.enableLdap
Enable or disable LDAP authentication.
abpm.ldap.provider.url
Provider URL to connect to LDAP Server.
abpm.ldap.enableLdapOverSSL
Enable or disable LDAP connection over SSL.
abpm.ldap.searchScopeLevel
Search scope level - One, Object, and Subtree.
abpm.ldap.bindDN
The DN used to bind against the LDAP server for the user and roles queries. This is a DN with read/search permissions on the baseContextDN and rolesContextDN values. It specifies the DN of the admin user in the LDAP server.
abpm.ldap.bindCredential
Password for the bindDN.
abpm.ldap.baseContextDN
Fixed DN of the context to start the user search from.
abpm.ldap.baseFilter
Search filter to locate the context of the user to authenticate. The input username as obtained from the login module callback will be substituted into the filter where a "{0}" expression is seen.
abpm.ldap.rolesContextDN
Fixed DN of the context to search for user roles. For Active Directory, this is the DN where the user account is.
abpm.ldap.roleFilter
Search filter to locate the roles associated with an authenticated user. The input username as obtained from the login module callback will be substituted into the filter anywhere a "{0}" expression is seen. The authenticated userDN will be substituted into the filter where a "{1}" expression is seen.
abpm.ldap.roleAttributeID
Name of the role attribute of the context that corresponds to the name of the role.
If the value of the roleAttributeIsDN property is set to true, this property is the DN of the context to query for the roleNameAttributeID attribute.
If the roleAttributeIsDN property is set to false, this property is the attribute name of the role name.
abpm.ldap.roleAttributeIsDN
Flag indicating whether the user's role attribute contains the fully distinguished name of a role object, or the user's role attribute contains the role name.
If the value of this property is false, the role name is taken from the value of the user's role attribute.
If the value of this property is true, the role attribute represents the distinguished name of a role object.
The role name is taken from the value of the roleNameAttributeID attribute of the corresponding object. The default value of this property is false.
abpm.ldap.roleNameAttributeID
Name of the role attribute of the context that corresponds to the name of the role.
If the value of the roleAttributeIsDN property is set to true, this property is used to find the role object's name attribute.
If the value of the roleAttributeIsDN property is set to false, this property is ignored.
abpm.ldap.roleDN.searchRoleNameAttributeID
Enable or disable searching role name attribute in user's distinguished name.
abpm.ldap.administratorUsers
Name(s) of LDAP user(s) (separated by comma) that will be treated as System Admin users in Adeptia Connect.
abpm.ldap.administratorGroups
Name(s) of LDAP group(s) (separated by comma) that will be treated as System Admin users in Adeptia Connect.
abpm.ldap.groupAdminUsers
Name(s) of LDAP user(s) (separated by comma) that will be treated as Group Admin users in Adeptia Connect and IT Users in Adeptia Connect.
abpm.ldap.groupAdminGroups
Name(s) of LDAP group(s) (separated by comma) that will be treated as Group Admin users in Adeptia Connect and IT Users in Adeptia Connect.
abpm.ldap.developerUsers
Name(s) of LDAP user(s) (separated by comma) that will be treated as Developer Users in Adeptia Connect and Business Users in Adeptia Connect.
abpm.ldap.developerGroups
Name(s) of LDAP group(s) (separated by comma) that will be treated as Developer Users in Adeptia Connect and Business Users in Adeptia Connect.
abpm.ldap.businessUsers
Name(s) of LDAP users (separated by comma) that will be treated as Business Users in Adeptia Connect.
abpm.ldap.businessGroup
Name(s) of LDAP groups (in comma separated format) that will be treated as Business Users in Adeptia Connect.
abpm.ldap.group.itUsers
Name of the LDAP group that will be treated as IT Users in Adeptia Connect.
abpm.ldap.alwaysDefaultGroupLogin
Enable or disable login only with default LDAP group in Adeptia.
abpm.ldap.defaultLdapGroup
Entity id of the group (created in Adeptia) that shall be treated as default LDAP group.
abpm.ldap.enableDefaultGroupLogin
Enable or disable login with default LDAP group in Adeptia.
abpm.ldap.enableSSO
Enable or disable Single Sign-On in Adeptia Connect.
abpm.ldap.sso.filterClass
Class name that needs to be initiated for SSO authentication process.
abpm.ldap.enable.anonymous.login
Enable or disable anonymous login through blank password in LDAP.
abpm.ldap.referrals
Set the environment property referrals in LDAP.
- Click Save.
- To reload the configuration, click the Reload Configuration link.
A confirmation message is displayed that the configuration has been reloaded.
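A pre-flight check for the settings in the table above, as an added example that is not Adeptia's code: `audit` flags the SSL and blank-password options, and `render_filter` previews the filter produced by substituting `{0}` and `{1}`, escaping the values per RFC 4515. The dict format, the `yes`/`true` convention and all sample values are assumptions; whether Adeptia Connect itself escapes substituted values is not stated on this page.

```python
import re

# Assumptions (not from the page): settings are held in a dict of strings and
# "yes"/"true" mean enabled. All sample values below are constructed.
ENABLED = {"yes", "true"}
SCOPES = {"one", "object", "subtree"}  # the scope levels this page lists
RFC4515 = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def render_filter(template, username, user_dn=""):
    """Fill {0} (login name) and {1} (user DN), escaping both per RFC 4515."""
    values = [username, user_dn]
    escape = lambda text: "".join(RFC4515.get(ch, ch) for ch in text)
    # One pass over the template, so text inside a value is never re-expanded.
    return re.sub(r"\{([01])\}", lambda m: escape(values[int(m.group(1))]), template)


def audit(props):
    """Return findings for settings that weaken or break LDAP login."""
    on = lambda key: props.get(key, "").strip().lower() in ENABLED
    if not on("abpm.ldap.enableLdap"):
        return []  # LDAP authentication is off, so nothing below applies
    findings = []
    if not on("abpm.ldap.enableLdapOverSSL"):
        findings.append("enableLdapOverSSL is off: bind passwords are sent without TLS")
    if on("abpm.ldap.enable.anonymous.login"):
        findings.append("enable.anonymous.login is on: a blank password is accepted")
    if props.get("abpm.ldap.searchScopeLevel", "").strip().lower() not in SCOPES:
        findings.append("searchScopeLevel is not One, Object or Subtree")
    if "{0}" not in props.get("abpm.ldap.baseFilter", ""):
        findings.append("baseFilter has no {0}: the login name is never searched for")
    return findings


SAMPLE = {  # constructed values for illustration
    "abpm.ldap.enableLdap": "yes",
    "abpm.ldap.enableLdapOverSSL": "no",
    "abpm.ldap.searchScopeLevel": "Subtree",
    "abpm.ldap.baseFilter": "(uid={0})",
    "abpm.ldap.roleFilter": "(member={1})",
    "abpm.ldap.enable.anonymous.login": "yes",
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("WARN", finding)
    print(render_filter(SAMPLE["abpm.ldap.baseFilter"], "j.smith*"))
```
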