Configuring the LDAP authentication

To set up a link to an LDAP directory, you must check the following:
- If there is a firewall between the Akuiteo server and the directory, this firewall must be configured to let communications go through on the relevant port (389 for example).
- A "technical" account must be created with the following characteristics:
  - The account has read rights to access the whole directory.
  - The account can read all the attributes of a directory's entry.
  - The account is not locked.
  - The password cannot and must not be modified, and never expires.
- The users declared in Akuiteo must have the same login as the one used in the LDAP.

Example: if the user Mary James is declared in the directory as MJS, this user's login must also be MJS in Akuiteo.

The information to access an LDAP directory is defined in the Administration console, from the Security > LDAP menu.
1. From the LDAP screen, click on the New configuration button at the top right of the screen.
2. In the configuration window, fill in the following fields:

Field | Description |
---|---|
Code | Enter a code to identify the directory. This code must be unique. |
Login | Fill in the full login (distinguished name) of the technical account, for example CN=LDAPBrowser,OU=Technique,OU=Republique,DC=akuiteo,DC=lan. Tip: if you use Active Directory, this login is specified in the properties of the "technical" user > Attribute Editor tab > distinguishedName attribute. |
Password | Specify the password associated with the technical account. |
Dn Base | Fill in the path to the start of the tree structure, for example OU=Republique,DC=akuiteo,DC=lan. Tip: if you use Active Directory, this is specified in the properties at the root of the users tree structure > Attribute Editor tab > dnBase attribute. |
URL 1 | Specify the name or IP address of the LDAP server, with the communication port for LDAP accesses (389 by default). The address follows this example: ldap://server:389. You can specify as many URLs as needed, for example in case of a server failure. In this situation, URL 1 is used first. If this URL does not work, URL 2 is then used, and so on. This switchover happens automatically when the current directory no longer responds, without having to restart the Akuiteo server. |
By default | If you have configured multiple servers, check this box to define which server to use. If you have only one server configured, you must check this box. |
Authentication | Check this box to enable authentication with the LDAP directory. If the box is not checked, authentication will be based on another authentication method (if active) or on the database. |

3. Click on Test then save to test the connection to the LDAP directory using the values specified.
If the connection succeeds, the directory is added to the Administration console. If the connection fails, an error message is displayed.
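The following Python helpers are an added example, not part of this documentation or of Akuiteo's own code. They illustrate three things described above: checking an Active Directory "technical" account against the prerequisites (not locked, not disabled, password never expires), building a directory lookup for an Akuiteo login without letting the login alter the search filter, and trying URL 1, URL 2, ... in priority order. The connector is injected so the example runs offline; the field values, the `sAMAccountName` attribute used for the login match, and the AD `userAccountControl` / `lockoutTime` attributes are assumptions (the page does not say which attribute Akuiteo matches on).

```python
"""LDAP prerequisite checks and URL failover (added example, not Akuiteo code)."""
import re
from typing import Callable, Sequence

# Constructed sample of what the console fields might hold (assumed values).
SAMPLE_CONFIG = {
    "code": "AD_MAIN",
    "login": "CN=LDAPBrowser,OU=Technique,OU=Republique,DC=akuiteo,DC=lan",
    "dn_base": "OU=Republique,DC=akuiteo,DC=lan",
    "urls": ["ldap://server1:389", "ldap://server2"],  # URL 1, URL 2
}

_URL_RE = re.compile(r"^(ldap|ldaps)://([A-Za-z0-9.\-]+)(?::(\d{1,5}))?/?$")


def parse_ldap_url(url: str) -> tuple:
    """Split 'ldap://server:389' into (scheme, host, port).
    The port defaults to 389 for ldap:// (636 for ldaps://), as the text says."""
    m = _URL_RE.match(url.strip())
    if not m:
        raise ValueError(f"not a valid LDAP URL: {url!r}")
    scheme, host, port = m.group(1), m.group(2), m.group(3)
    port_num = int(port) if port else (389 if scheme == "ldap" else 636)
    if not 1 <= port_num <= 65535:
        raise ValueError(f"port out of range in {url!r}")
    return scheme, host, port_num


def connect_with_failover(urls: Sequence[str], connect: Callable):
    """Try URL 1 first, then URL 2, and so on; return (url, connection) for the
    first server that answers. `connect(scheme, host, port)` is injected so the
    example runs offline; a real deployment would bind with the technical account."""
    errors = []
    for url in urls:
        scheme, host, port = parse_ldap_url(url)
        try:
            return url, connect(scheme, host, port)
        except OSError as exc:
            errors.append(f"{url}: {exc}")
    raise ConnectionError("no LDAP server reachable: " + "; ".join(errors))


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping for a value placed inside a search filter, so a login
    typed on the login form cannot change the structure of the filter."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value)


def user_lookup_filter(login: str, attribute: str = "sAMAccountName") -> str:
    """Filter to find the Akuiteo login under Dn Base (attribute is an assumption)."""
    return f"({attribute}={escape_filter_value(login)})"


# Active Directory userAccountControl bits (documented Microsoft values).
ACCOUNTDISABLE = 0x0002
DONT_EXPIRE_PASSWORD = 0x10000


def technical_account_problems(entry: dict) -> list:
    """Return which prerequisites an AD entry for the technical account fails.
    `entry` maps attribute name to value as an LDAP search would return it."""
    problems = []
    uac = int(entry.get("userAccountControl", 0))
    if uac & ACCOUNTDISABLE:
        problems.append("account is disabled")
    if not uac & DONT_EXPIRE_PASSWORD:
        problems.append("password is allowed to expire")
    if int(entry.get("lockoutTime", 0)) != 0:
        problems.append("account is locked out")
    return problems


if __name__ == "__main__":
    # Constructed connector: only server2 answers, so the switchover to URL 2 happens.
    def fake_connect(scheme, host, port):
        if host != "server2":
            raise OSError("connection refused")
        return f"{scheme}://{host}:{port} bound as {SAMPLE_CONFIG['login']}"

    print(connect_with_failover(SAMPLE_CONFIG["urls"], fake_connect))
    print(user_lookup_filter("MJS"))
    # 66048 = NORMAL_ACCOUNT | DONT_EXPIRE_PASSWORD, lockoutTime 0: no problems.
    print(technical_account_problems({"userAccountControl": "66048", "lockoutTime": "0"}))
```

Run it as a script to see the switchover from URL 1 to URL 2, the escaped lookup filter for the login MJS, and an empty problem list for a correctly prepared technical account. The escaping step is the part worth keeping in any code that searches the directory by a user-supplied login.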
To modify the information of a directory, click on for the relevant directory, make all necessary modifications then click on Test then save.
To delete a directory, click on for the relevant directory then confirm the deletion.