An LDAP directory is used to validate role access for a group of users, or to auto-enroll users into a role. Click the Directory subtab to view a list of the directory objects.

Only System Administrators can add or edit a directory object. However, Group Administrators can view the settings of a directory object, and can assign directory objects to roles.

Directory name
Represents the directory object and all of its settings. When a System Administrator or a Group Administrator adds a directory to a role, this name appears as an option.

LDAP Server
Specifies the hostname or IP address of your LDAP server.

LDAP Port
Specifies the port number for your LDAP server.

Login Attribute
Specifies the attribute in your LDAP directory that represents the user ID. Common examples are cn (common name) and uid.

Base DN (Distinguished Name)
Specifies the attributes that must be added to the login attribute to produce the distinguished name that you want.

Description
The Description field is visible on this panel, and also as a tooltip in the directory selection drop-down list when an administrator selects this directory for a role. Use this field to describe the intended usage of this directory, or to leave notes for others who use or edit this profile.

Assign Roles
Specifies every role that uses this directory for its authentication. Consider the contents of this field before you delete this directory. This field can also provide information about which users are given access to which roles.

Create a Directory Object
Use a directory object to store LDAP information for validating your users.
Manage LDAP Distinguished Names
Some LDAP systems require a password-protected bind in order to authenticate other users. If your LDAP server is set up this way, you can add an LDAP Bind DN in the directory panel. The LDAP Bind DN is the distinguished name of an account that can authenticate other users. The LDAP Bind DN should be a complete DN, including login attribute, username, and the appropriate base distinguished name. The following example describes how Web Viewer determines and uses the Distinguished Name:

Determination of the LDAP Distinguished Name
Assume that a user with the user name "Jim" logs into Directory A which has the following setup:
The resulting Distinguished Name would be:
cn=Jim,ou=west,ou=sales,dc=your_company,dc=com

Mapping LDAP attributes to Roles
Deleting a Directory Object
For more information, see Roles, Role Authentication.

Listing Directory Objects

Editing Directory Settings
Follow these steps:
1. From the Administration Tab, click the Directory subtab. The Directory list is displayed in the left pane.
2. Select a Directory. The edit Directory panel appears in the right pane.
3. Edit the settings as needed. For more information, see Directory Settings and their Meanings.
4. Click Update at the top right of the pane. The Directory object is updated.

What components make up an object distinguished name DN?
The DN is the name that uniquely identifies an entry in the directory. The first component of the DN is referred to as the Relative Distinguished Name (RDN). Any of the attributes defined in the directory schema can be used to make up a DN.
...
Pseudo DNs..

What is object distinguished name?
The DN is the name that uniquely identifies an entry in the directory. A distinguished name, which specifies the complete path to the object through the hierarchy of containers, can be used to uniquely reference an object.
What is a DC in a distinguished name?
(In the distinguished name, DC is the abbreviation for domain component, and CN is the abbreviation for common name.) The relative distinguished name of the James Smith user object is James Smith.
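
The DN construction from "Determination of the LDAP Distinguished Name" above (login attribute, then user name, then Base DN), shown as an added Python example that is not Web Viewer's own code. It escapes the user name per RFC 4514 so a name containing DN separators stays inside the first RDN; the function names are hypothetical and the login attribute and Base DN are assumed from the resulting DN shown on the page.

```python
import re

# RFC 4514: characters that must be backslash-escaped inside an RDN value.
SPECIAL = set('"+,;<>\\')
# Attribute descriptor such as cn or uid: a letter, then letters/digits/hyphens.
ATTR_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*$")

# Assumed Base DN, taken from the resulting DN in the page's example.
BASE_DN = "ou=west,ou=sales,dc=your_company,dc=com"


def escape_rdn_value(value):
    """Escape a user-supplied string for use as an RDN value (RFC 4514)."""
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in SPECIAL or (i == 0 and ch in "# ") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def build_user_dn(login_attr, username, base_dn):
    """Login attribute + escaped user name + Base DN -> full DN."""
    if not ATTR_RE.match(login_attr):
        raise ValueError("login attribute must be a plain name such as cn or uid")
    if not username:
        raise ValueError("empty user name")
    return f"{login_attr}={escape_rdn_value(username)},{base_dn}"


def split_rdns(dn):
    """Split a DN on unescaped commas; element 0 is the RDN."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])  # keep the escape pair together
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    return parts + ["".join(cur)]


if __name__ == "__main__":
    for name in ("Jim", "Jim,ou=admins"):  # constructed sample user names
        naive = f"cn={name},{BASE_DN}"  # plain concatenation, for comparison
        safe = build_user_dn("cn", name, BASE_DN)
        print(len(split_rdns(naive)), len(split_rdns(safe)), safe)
```

With plain concatenation the second sample name produces a DN with six components instead of five; the escaped form keeps the whole name in the RDN.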