LDAP Authentication Settings

Use this section for reference when setting up LDAP authentication.

Bind Settings

The following settings apply to the Bind mode. See also LDAP Authentication Modes. The first example is for a user of a Microsoft Active Directory Server:

The second example is for a user of an OpenLDAP Server:

Test Login

Click this button to test the LDAP login credentials after filling out the fields below it.

LDAP Server

Enter the hostname or IP address of your LDAP server. For example: test.yellowbrick.io

Server Port

Enter the LDAP server port number, or leave it blank for the default: 389 for unsecured mode or TLS, 636 for LDAPS (SSL).

Secure Mode

Choose from Unsecured, LDAPS, or TLS.

DN Prefix

The DN prefix is the first component of a fully qualified distinguished name. For example: cn= or uid=. Depending on your LDAP environment, the CN (common name) value may be either a username or the first and last name of the user. A UID (user ID) is an LDAP account attribute that stores a username. Both CN and UID formats work for OpenLDAP configurations.

Note: No prefix is required for Active Directory configurations.

DN Suffix

The DN suffix is the remaining piece of a fully qualified distinguished name. A DN suffix may consist of an OU (organizational unit) and domain components (DCs). For example: ,ou=OrgUsers,dc=test,dc=yellowbrick,dc=io. Alternatively, you can use the UPN (user principal name) format: @domain. For example: @test.yellowbrick.io. For Active Directory configurations, use the UPN suffix.

Search, then Bind Settings

The following settings apply only to the Search, then Bind mode. See also LDAP Authentication Modes. Here is an example for a user of a Microsoft Active Directory Server:

Base DN

Enter the base search tree DN for locating LDAP entries: the distinguished name where the directory search should begin.

Bind DN

Enter the DN for initial binding to the LDAP server, or leave blank for anonymous binding. (Anonymous binding allows a client to connect and search the directory without logging in.)

Bind Password (two fields)

Enter the password for the initial binding (twice).

Search Attribute

Enter a search attribute, such as cn, uid, or sAMAccountName, which is an Active Directory user account field.
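
The DN Prefix, DN Suffix, and Search Attribute settings above all end up wrapped around a user-supplied login name. The following Python sketch is an added example, not Yellowbrick code: it assumes the bind identity is formed as DN Prefix + username + DN Suffix and the search filter as (Search Attribute=username), and shows the escaping that keeps the login name from altering either one. All function names are hypothetical.

```python
import re

# Added illustration, not Yellowbrick code. Assumption: bind identity is
# DN Prefix + username + DN Suffix; search filter is (attribute=username).

def escape_dn_value(value: str) -> str:
    """Escape a value for use inside a DN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in '\\,+"<>;=' or (ch == " " and i in (0, last)) or (ch == "#" and i == 0):
            ch = "\\" + ch
        out.append("\\00" if ch == "\x00" else ch)
    return "".join(out)

def escape_filter_value(value: str) -> str:
    """Escape an assertion value for a search filter (RFC 4515)."""
    table = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}
    return "".join(table.get(ch, ch) for ch in value)

def bind_identity(prefix: str, username: str, suffix: str) -> str:
    """Bind mode: compose the identity sent in the simple bind."""
    if not username:
        raise ValueError("empty username")
    if suffix.startswith("@"):  # UPN form, no prefix (Active Directory)
        if "@" in username:
            raise ValueError("username must not carry its own domain")
        return username + suffix
    return prefix + escape_dn_value(username) + suffix

def search_filter(attribute: str, username: str) -> str:
    """Search, then Bind mode: filter used to locate the user's entry."""
    if not re.fullmatch(r"[A-Za-z][A-Za-z0-9-]*", attribute):
        raise ValueError("invalid search attribute")
    return "(" + attribute + "=" + escape_filter_value(username) + ")"

def require_password(password: str) -> str:
    """A simple bind with a DN and an empty password is an unauthenticated
    bind (RFC 4513, section 5.1.2); refuse it before contacting the server."""
    if not password:
        raise ValueError("empty password")
    return password

# Constructed sample values, using the suffix shown in this section.
OPENLDAP_SUFFIX = ",ou=OrgUsers,dc=test,dc=yellowbrick,dc=io"
if __name__ == "__main__":
    print(bind_identity("cn=", "Smith, John", OPENLDAP_SUFFIX))
    print(bind_identity("", "jsmith", "@test.yellowbrick.io"))
    print(search_filter("sAMAccountName", "j*smith"))
```

A CN that holds a first and last name, such as "Smith, John", contains a comma, so it must be escaped before it is placed between the prefix and the suffix.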
