How-to | Add LDAP users via LDAP configuration#
DSS can authenticate users against an external LDAP directory in addition to its built-in user database. Most corporate directories provide LDAP authentication service, including Microsoft Active Directory. This enables integration of user and password management, as well as user rights assignment, with existing centrally-managed infrastructures.
Gather LDAP information#
Before configuring LDAP authentication, you’ll need to gather the following information about your directory service. For more information about these prerequisites, visit Configuring LDAP authentication.
Basic connection information to your LDAP server (host name and port, credentials, connection security). To be obtained from your LDAP administrator.
A filter (LDAP query template) defining the subset of your directory corresponding to users authorized to access this DSS instance.
Optionally, another filter defining the groups to which a given user belongs, in order to further restrict login authorization (only members of these groups being authorized to access this DSS instance) or to define user rights within DSS.
Connect to the LDAP directory#
To configure the connection to the LDAP directory, follow the instructions at Connecting to a LDAP directory.
Parameter guidelines:#
Connection
Enter the LDAP Server URL from your LDAP administrator. The BASE part of the server URL specifies the search base DN (Distinguished Name) to use for user and group queries. This part is mandatory. A valid URL would be, for example:
ldap://ldap1.company.com/OU=France,DC=company,DC=com
Note
For more information, visit Connection parameters.
Users mapping
In User filter, enter a query placeholder. DSS replaces this placeholder by the username that the user enters on the DSS sign-in page.
In Display name attribute and Email attribute, specify which attributes of the query correspond to the user’s display name and email in the directory.
Select Automatically import users to automatically import users.
Groups mapping
Use this mapping to define which groups a user belongs to.
In Group name attribute, specify an attribute for the group name.
In Authorized groups, add the whitelist groups that are permitted to connect to DSS.
Use Profiles mapping to define what profile a group is assigned to.