Configuring the LDAP settings and server

You configure the LDAP connection from the Control Panel. The settings include whether LDAP is enabled and required for authentication, the connection to the LDAP server, and whether to import or export users to or from the LDAP directory.

To display the LDAP configuration page and configure the basic settings:

  1. From the Studio menu, click Control Panel.
  2. On the Control Panel menu, click Settings.
  3. In the Settings page menu to the right, click Authentication.
  4. Click the LDAP tab.
    [Figure: LDAP tab on the Settings page]
  5. On the LDAP tab:
  6. To enable LDAP authentication, check the Enabled checkbox.
  7. To only allow users to log in using an LDAP account, check the Required checkbox.

    If this box is checked, then any users that you create manually in Studio cannot log in.

    To make sure that users you create manually can log in, make sure that this box is not checked.

  8. To populate the LDAP server configuration fields with default values based on a specific type of server:
    1. Under Default Values, click the radio button for the type of server you are using.
    2. Click Reset Values.
  9. The Connection settings cover the basic connection to LDAP:

    Connection settings for the LDAP server:

    • Base Provider URL: The location of your LDAP server.

      Make sure that the machine on which Studio is installed can communicate with the LDAP server.

      If there is a firewall between the two systems, make sure that the appropriate ports are opened.

    • Base DN: The Base Distinguished Name for your LDAP directory.

      For a commercial organization, it may look something like:

      dc=companynamehere,dc=com

    • Principal: The user name of the administrator account for your LDAP system.

      This ID is used to synchronize user accounts to and from LDAP.

    • Credentials: The password for the administrative user.

    After providing the connection information, to test the connection to the LDAP server, click the Test LDAP Connection button.

  10. The Users section contains settings for finding users in your LDAP directory. The first couple of settings are filters for finding and identifying users.

    Users section of the LDAP configuration settings:

    • Authentication Search Filter: Determines the search criteria for user logins.

      By default, users log in using their email address. If you have changed this setting, you must modify the search filter here.

      For example, if you changed the authentication method to use the screen name, you would modify the search filter so that it can match the entered login name:

      (cn=@screen_name@)

    • Import Search Filter: Depending on the LDAP server, there are different ways to identify the user.

      The default setting (objectClass=inetOrgPerson) usually is fine, but to search for only a subset of users or for users that have different object classes, you can change this.

  11. Under User Mapping, map your LDAP attributes to the Studio user fields:

    [Figure: User Mapping fields for the LDAP connection]

    After setting up the attribute mappings, to test the mappings, click Test LDAP Users.

  12. Under Groups, map your LDAP groups.

    [Figure: Groups section in the LDAP configuration]

    In the Import Search Filter field, type the filter for finding LDAP groups, then map the following fields:
    • Group Name
    • Description
    • User

    To test the group mappings, click Test LDAP Groups. The system displays a list of the groups returned by your search filter.

  13. The Import/Export section is used to configure importing and exporting of LDAP user data:
    [Figure: Import/Export settings for the LDAP connection]
    1. If the Import Enabled checkbox is checked, then when you start Studio, it can import all of your LDAP groups and users.

      If the box is not checked, then Studio synchronizes each user as they log in.

      It is recommended that you leave this box unchecked.

    2. If the Export Enabled checkbox is checked, then any changes to the user in Studio are exported to the LDAP system.

      It is recommended that you leave this box unchecked.

  14. To use the password policy from your LDAP system, instead of the Studio password policy, check the Use LDAP Password Policy checkbox.
    [Figure: Password Policy section of LDAP configuration]
  15. To save the LDAP configuration, click Save.
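
The Authentication Search Filter in step 10 is a template in which a token such as @screen_name@ stands for the login name the user enters. The Python sketch below is an added example, not Studio's own code: it expands such a template with RFC 4515 escaping so that you can preview the filter a given login name produces when you change the template. The function names and the sample login names are constructed for illustration.

```python
import re

# RFC 4515 section 3: characters that must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
_TOKEN = re.compile(r"@([a-z_]+)@")


def escape_filter_value(value: str) -> str:
    """Return value with LDAP filter metacharacters hex-escaped."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def expand_filter(template: str, values: dict) -> str:
    """Replace each @token@ in template with its escaped value.

    Raises KeyError when the template uses a token that has no value, so a
    mistyped token is caught instead of reaching the directory unexpanded.
    """
    def substitute(match):
        return escape_filter_value(values[match.group(1)])
    return _TOKEN.sub(substitute, template)


def is_balanced(ldap_filter: str) -> bool:
    """Check that the literal parentheses in an expanded filter are balanced."""
    depth = 0
    for ch in ldap_filter:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
    return depth == 0


if __name__ == "__main__":
    template = "(cn=@screen_name@)"  # filter shown in step 10 of this page
    # Constructed sample login names, some containing filter metacharacters.
    for login in ["jdoe", "j*doe", "smith (contractor)", "dom\\jdoe"]:
        expanded = expand_filter(template, {"screen_name": login})
        print(f"{login!r:22} -> {expanded}  balanced={is_balanced(expanded)}")
```

A login name that contains `*`, `(`, `)` or `\` should appear in the expanded filter only in its escaped form, so the filter keeps exactly one attribute comparison whatever the user types.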