Details Screen
The Details screen of the LDAP Bridge allows you to enter the connection details for the LDAP directory. For more information on the Status, Future Status and Thumbnail sections, refer to the Details Screen chapter in the Asset Screens manual.
Identification
The Identification section allows you to change the name of the LDAP Bridge and select which type of user to create.

The Identification section of the Details screen
The fields available in this section are as follows:
- Name: enter the name for the LDAP Bridge asset. By default, the value that was entered when the asset was created will appear in this field.
- User Type: select which user type to use for the LDAP users. You can select either Backend User or User. If these users need to access either the Simple Edit or Administration Interface, you need to create them as a Backend User. Otherwise, if they do not need to edit the content of the Site (for example they are member accounts) you can select User. By default Backend User is selected.
Tip: You can create System Administrator accounts for LDAP users by linking their accounts in the System Administrators Folder in the Asset Map. Once their account is in this folder, Squiz Matrix will treat it in the same way as a System Administrator account. To be able to do this, however, you need to create Backend User accounts for the LDAP users.
Connection Details
The Connection Details section allows you to enter the settings for the LDAP directory that you want to use.

The Connection Details section of the Details screen
The fields available in this section are as follows:
- Connection Status: this field shows whether or not the LDAP Bridge can connect to the LDAP directory using the information specified in the fields below. By default, it will say Unable to connect. Once you have entered the required information and clicked Commit, if it can connect, this will change to Connected. If it does not change, it may mean that the information you have entered is incorrect.
- System Type: select which type of LDAP directory you are using. These options include OpenLDAP and Active Directory.
- Options: the options available are as follows:
  - Use Protocol Version 3: select this option if you are using version 3 for the LDAP directory.
  - Disallow Referrals: some Active Directory installations may require this option to be set. If you have trouble connecting to a directory (e.g. the system hangs when expanding the LDAP Bridge asset in the Asset Map) you may need to select this option.
- Aliases: select whether aliases are Never dereferenced, Dereferenced during search, Dereferenced when locating the base object or Dereferenced always. Please note, this is a fairly advanced feature that requires knowledge of whether and how the LDAP directory uses aliases.
- Host: enter the host to use to connect to the LDAP directory.
- Port: enter the port to use to connect to the LDAP directory.
- Base DN: enter the base DN of the LDAP directory.
- Bind DN: enter the DN of the user to bind as. This user account must exist underneath the specified Base DN, otherwise the LDAP Bridge may not be able to connect successfully. If you want to use a user that is outside of the Base DN, enter their DN into the Auth DN field below. If this field is left blank, the LDAP Bridge will assume that the LDAP directory should be accessed anonymously and the Password field will be ignored. To do this, however, the LDAP directory must be set up to allow anonymous binding.
- Password: enter the password to use when connecting to the LDAP directory.
- Auth DN: if you want to bind as a user that exists outside of the Base DN, enter their DN into this field. Otherwise, if they exist under the Base DN, enter their DN into the Bind DN field.
- Auth Filter: enter a filter specification to restrict the users who are allowed authentication to the LDAP system. For example, a filter specification such as ou=Sydney could be used to restrict authentication to users within the Sydney office. Boolean combinations can be used to further refine filtering, for example, &(ou=Sydney)(ou=Developers) to restrict authentication to developers in the Sydney office.
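
The effect of an Auth Filter can be checked offline before it is committed. The following is an added example, not Squiz Matrix code: a small Python evaluator for a subset of standard LDAP filter syntax, run against constructed sample entries. The function names (`parse_filter`, `matches`, `allowed`) and the entries are assumptions made for illustration, and the filter is assumed to follow standard LDAP semantics, written with or without the outer parentheses.

```python
# Added example: subset of LDAP filter syntax (& | ! equality, presence attr=*); no escapes.
def parse_filter(text):
    text = text.strip()
    if not text.startswith("("):   # the page writes filters without outer parentheses
        text = "(" + text + ")"
    node, pos = _parse(text, 0)
    if pos != len(text):
        raise ValueError("trailing characters after filter")
    return node

def _parse(s, i):
    if s[i:i + 1] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if s[i:i + 1] in ("&", "|", "!"):
        op, i, children = s[i], i + 1, []
        while s[i:i + 1] == "(":
            child, i = _parse(s, i)
            children.append(child)
        if not children or (op == "!" and len(children) != 1):
            raise ValueError(f"wrong number of operands for '{op}'")
        node = (op, children)
    else:
        end = s.find(")", i)
        attr, sep, value = s[i:max(end, i)].partition("=")
        if end == -1 or not sep or not attr.strip():
            raise ValueError(f"malformed item at offset {i}")
        node, i = ("=", attr.strip().lower(), value.strip().lower()), end
    if s[i:i + 1] != ")":
        raise ValueError("unbalanced parentheses")
    return node, i + 1

def matches(node, entry):
    if node[0] in ("&", "|"):
        combine = all if node[0] == "&" else any
        return combine(matches(c, entry) for c in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    values = [v.lower() for v in entry.get(node[1], [])]
    return bool(values) if node[2] == "*" else node[2] in values

ENTRIES = {"alice": {"ou": ["Sydney", "Developers"]},   # constructed sample entries
           "bob": {"ou": ["Sydney", "Sales"]},
           "carol": {"ou": ["Melbourne", "Developers"]}}

def allowed(filter_text, entries=ENTRIES):
    tree = parse_filter(filter_text)
    return sorted(name for name, attrs in entries.items() if matches(tree, attrs))
```

With the constructed entries, `allowed("ou=Sydney")` admits alice and bob, while `allowed("&(ou=Sydney)(ou=Developers)")` admits only alice. Under standard LDAP semantics a filter tests attribute values stored on the entry, not the components of its DN, so an account that merely sits under an `ou=Sydney` container is matched only if its own `ou` attribute carries that value.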