Configuring LDAP authentication in Adeptia Connect

You must configure Adeptia Connect for LDAP authentication to allow LDAP users to access Adeptia Connect. This page also lists the steps for configuring Adeptia Connect for secured LDAP.

This page contains the following information:

Prerequisites

Installed LDAP Server.
Administrative rights in Adeptia Connect to enable LDAP Authentication and Authorization.
Adeptia Connect is certified with Windows Active Directory and Open LDAP server.
TLSv1.2 should be enabled on LDAP Server (in case of Secured LDAP).

Configuring LDAP properties

Click Account > Settings.
Expand the Server Node Settings in the left panel.
Select the server node.
Click Edit.
Expand Systems > LDAP Authentication.

Configure the LDAP Authentication properties.

Property Name	Description
abpm.ldap.enableLdap	Enable or disable LDAP authentication.
abpm.ldap.provider.url	Provider URL to connect to LDAP Server.
abpm.ldap.enableLdapOverSSL	Enable or disable LDAP connection over SSL.
abpm.ldap.searchScopeLevel	Search scope level - One, Object, and Subtree.
abpm.ldap.bindDN	The DN used to bind against the LDAP server for the user and roles queries. This is DN with read/search permissions on the baseContextDN and rolesContextDN values. It specifies DN of the admin user in LDAP server.
abpm.ldap.bindCredential	Password for the bindDN.
abpm.ldap.baseContextDN	Fixed DN of the context to start the user search from.
abpm.ldap.baseFilter	Search filter to locate the context of the user to authenticate. The input username as obtained from the login module callback will be substituted into the filter where a "{0}" expression is seen.
abpm.ldap.rolesContextDN	Fixed DN of the context to search for user roles. For Active Directory, this is the DN where the user account is.
abpm.ldap.roleFilter	Search filter to locate the roles associated with an authenticated user. The login module callback will be substituted into the filter anywhere a "{0}"expression is seen. The authenticated userDN will be substitute into the filter where a "{1}" expression is seen.
abpm.ldap.roleAttributeID	Name of the role attribute of the context that corresponds to the name of the role. If the value of the roleAttributeIsDN property is set to true, this property is the DN of the context to query for the roleNameAttributeID attribute. If the roleAttributeIsDN property is set to false, this property is the attribute name of the role name.
abpm.ldap.roleAttributeIsDN	Flag indicating whether the user's role attribute contains the fully distinguished name of a role object, or the user's role attribute contains the role name. If the value of this property is false, the role name is taken from the value of the user's role attribute. If the value of this property is true, the role attribute represents the distinguished name of a role object. The role name is taken from the value of the roleNameAttributeId attribute of the corresponding object. The default value of this property is false.
abpm.ldap.roleNameAttributeID	Name of the role attribute of the context that corresponds to the name of the role. If the value of the roleAttributeIsDN property is set to true, this property is used to find the role object's name attribute. If the value of the roleAttributeIsDN property is set to false, this property is ignored.
abpm.ldap.roleDN.searchRoleNameAttributeID	Enable or disable searching role name attribute in user's distinguished name.
abpm.ldap.administratorUsers	Name(s) of LDAP user(s) (separated by comma) that will be treated as System Admin users in Adeptia Connect and Adeptia Connect.
abpm.ldap.administratorGroups	Name(s) of LDAP group(s) (separated by comma) that will be treated as System Admin users in Adeptia Connect and Adeptia Connect.
abpm.ldap.groupAdminUsers	Name(s) of LDAP user(s) (separated by comma) that will be treated as Group Admin users in Adeptia Connect and IT Users in Adeptia Connect.
abpm.ldap.groupAdminGroups	Name(s) of LDAP group(s) (separated by comma) that will be treated as Group Admin users in Adeptia Connect and IT Users in Adeptia Connect.
abpm.ldap.developerUsers	Name(s) of LDAP user(s) (separated by comma) that will be treated as Developer Users in Adeptia Connect and Business Users in Adeptia Connect.
abpm.ldap.developerGroups	Name(s) of LDAP group(s) (separated by comma) that will be treated as Developer Users in Adeptia Connect and business Users in Adeptia Connect.
abpm.ldap.businessUsers	Name(s) of LDAP users (separated by comma) that will be treated as Business Users in Adeptia Connect.
abpm.ldap.businessGroup	Name(s) of LDAP groups (in comma separated format) that will be treated as Business Users in Adeptia Connect.
abpm.ldap.group.itUsers	Name of the LDAP group that will be treated as IT Users in Adeptia Connect.
abpm.ldap.alwaysDefaultGroupLogin	Enable or disable login only with default LDAP group in Adeptia.
abpm.ldap.defaultLdapGroup	Entity id of the group (created in Adeptia) that shall be treated as default LDAP group.
abpm.ldap.enableDefaultGroupLogin	Enable or disable login with default LDAP group in Adeptia.
abpm.ldap.enableSSO	Enable or disable Single Sign-On in Adeptia Connect.
abpm.ldap.sso.filterClass	Class name that needs to be initiated for SSO authentication process.
abpm.ldap.enable.anonymous.login	Enable or disable anonymous login through blank password in LDAP.
abpm.ldap.referrals	Set the environment property referrals in LDAP.

Click Save.
To reload the configuration, click Reload Configuration link.
A confirmation message is displayed that the configuration has been reloaded.

Adeptia Connect Help v3.6

Configuring LDAP authentication in Adeptia Connect

Prerequisites

Configuring LDAP properties

What's new

Best practices

Frequently asked questions

Adeptia Connect APIs

Adeptia security report