Teamwork Cloud 18.4 Documentation


A Server Administrator can add as many LDAP servers as needed. Depending on your permissions, you may edit a server's configuration, disable a server, or delete it. Once you have added the LDAP servers and successfully connected to them, TWAdmin stores these servers on the LDAP User Directories page.

When adding an LDAP server, you need to input the LDAP server's configuration properties such as the connection settings, server address, server timeout, and encryption protocol that will be used to connect to the LDAP server. Each LDAP server has its own setting properties. The configuration settings are categorized into three groups: Connection, Encryption, and Authentication. An example of how to add an LDAP server to TWCloud is provided at the end of the page.

The LDAP server settings.

The table below shows the UI components of the LDAP server's configuration properties, grouped as they appear on the page.

UI Component: Description

Connection

Enable: The option to enable a connection with the LDAP server.
Name: The connection name of the LDAP server. A duplicate name is allowed.
Server Address: The server IP address/hostname and, optionally, the server port. This is a mandatory field and is editable once created. You will get an error message if you enter a duplicate server IP address or hostname. If you do not specify a port number, port 389 is used when no encryption protocol is selected and port 636 is used for the SSL protocol.
Server Timeout: The maximum amount of time in milliseconds for the system to successfully authenticate against a single server. If authentication fails, the system queries the next server in the queue.
Anonymous Bind: A bind mode specifying whether the system connects to the LDAP server with a specific username or anonymously in order to find the Distinguished Name (DN) of the user who is trying to log in to TWCloud. If you select this check box, the bind username and password are not required and the System Username and System Password fields are disabled.
System Username: The DN of the user used to connect to the LDAP server and perform queries.
System Password: The password of that user, used to connect to the LDAP server and perform queries.

Encryption

Encryption Protocol: SSL and TLS provide data encryption and authentication for a secure connection with the server. You can select None, SSL, or TLS. Selecting None means no encryption protocol is used.
LDAP Server Certificate: The option to select a certificate file. The select button chooses a certificate file and the clear button removes it (both are enabled only if SSL or TLS is selected).

Authentication

Search Base: The location in the directory from which the LDAP search for authentication begins.
Use User DN Template: The button to search for users by User DN.
User DN: The template used to map user authentication to LDAP servers using LDAP distinguished names.
Retrieve User DN by Using an LDAP Query: The button to search for users by LDAP query.
Query: The LDAP query for retrieving the DN of a user, for example, (uid={0}).
Test Connection button: Tests a connection to the specified LDAP server using the current configuration, system username, and password.
Create button: Creates or saves changes to the LDAP server's configuration properties. Its function is the same as that of the Save button on the Edit LDAP Configuration page.


To better explain the process of adding an LDAP server and connecting to it, let's suppose you want to add an LDAP server named Active Directory running on host 192.168.1.1. The default LDAP port is 389; if the server uses a non-default port, the port number must be placed after a colon ":", for example 192.168.1.1:10389. The server timeout is defined in milliseconds (ms) and specifies how long the system waits for a response from the LDAP server. The following steps add the LDAP server Active Directory using the above example.

How to add and configure an LDAP server

  1. Open the LDAP User Directories page by clicking its entry in TWAdmin.

    The LDAP User Directories page.

  2. Click the button to create a new LDAP directory. The Create LDAP directory page opens so that you can configure the LDAP server settings. In this example the connection is not set for Anonymous Bind, so the system username and password are required. The system username is normally authorized to query other LDAP users in the LDAP directories. Make sure that the authorized system username and password are entered (the full User DN of the system user is required). The Connection information group should now look like the following figure.

    The LDAP connection configuration.


  3. Input the configuration properties to connect to the LDAP server.

    In this example the LDAP server connection is secured with the SSL protocol (LDAPS) on the default port 636. So, the Encryption Protocol has to be "SSL", and the LDAP server certificate file has to be selected. The Encryption information group has to look like the following figure.

    The LDAP encryption configuration.

    Note

    If the LDAPS port number is not the default (636), the Server Address must be specified with the LDAPS port, for example 192.168.1.1:10636.

    The structure of the LDAP Active Directory in a tree view.

    All LDAP users that need to connect to Teamwork Cloud reside in "CN=Users". So the Search Base for this kind of LDAP server should be "CN=Users,DC=example,DC=com". The pattern for the Search Base is {Parent_Of_LDAP_Users},{Grand_Parent_Of_LDAP_Users},…{n}.

    Note

    Only users under the Search Base are able to log in using User DN template authentication. Users in another subtree are unable to log in.

  4. This LDAP server is set for the "Use User DN Template" authentication method. So, for this Active Directory the LDAP attribute name and value should be set as "sAMAccountName={0}". If the attribute is not "sAMAccountName", it can be any attribute name, but it must be followed by "={0}". The Authentication information group will look like the following figure.

    The LDAP authentication configuration.

    Note

    If the LDAP server is OpenLDAP or ApacheDS, the default attribute name is "uid". If the LDAP server is set for "Retrieve User DN by using an LDAP query", the LDAP query for retrieving the user DN must be entered into the Query field. See RFC 2254 for more information about LDAP queries: https://www.ietf.org/rfc/rfc2254.txt

  5. Click Create. The LDAP server's address and name will be added to the directory. 
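The following Python example is added here to illustrate the three settings the table and the steps above walk through: how the Server Address falls back to port 389 or 636 depending on the Encryption Protocol, how the "Use User DN Template" method combines the template with the Search Base to form the bind DN, how the "Retrieve User DN by Using an LDAP Query" method fills the {0} placeholder, and why the Search Base note rejects users from another subtree. It is not Teamwork Cloud code; the function names, the escaping helpers (RFC 4515 filter escaping and RFC 4514 DN escaping, which the page does not mention) and the sample usernames are assumptions.

```python
import re

# Constructed sample value (not from the product): the Search Base used in
# the walkthrough above.
SEARCH_BASE = "CN=Users,DC=example,DC=com"

def parse_server_address(address, protocol):
    """Split the Server Address field ('host' or 'host:port') into (host, port).
    The page gives two defaults: 389 with no encryption, 636 for SSL."""
    m = re.fullmatch(r"([^:\s]+)(?::(\d{1,5}))?", address.strip())
    if not m:
        raise ValueError(f"unsupported Server Address: {address!r}")
    host, port = m.group(1), m.group(2)
    return host, int(port) if port else (636 if protocol == "SSL" else 389)

def escape_filter_value(value):
    """RFC 4515 escaping for a value substituted into the Query's {0}
    (e.g. '(uid={0})'); a username then cannot change the filter's shape."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
    return "".join(special.get(c, c) for c in value)

def escape_dn_value(value):
    """RFC 4514 escaping for a value placed into a DN attribute value."""
    out = "".join("\\" + c if c in ',+"\\<>;' else c for c in value)
    if value.endswith(" "):
        out = out[:-1] + "\\ "
    if value[:1] in (" ", "#"):
        out = "\\" + out
    return out

def user_dn_from_template(template, username, search_base=SEARCH_BASE):
    """'Use User DN Template' method: the template ('sAMAccountName={0}' on
    Active Directory, 'uid={0}' on OpenLDAP/ApacheDS) becomes the RDN and
    the Search Base is appended, giving the DN used to authenticate."""
    return template.replace("{0}", escape_dn_value(username)) + "," + search_base

def query_from_template(query, username):
    """'Retrieve User DN by Using an LDAP Query' method: fill {0} safely."""
    return query.replace("{0}", escape_filter_value(username))

def is_under_search_base(dn, search_base=SEARCH_BASE):
    """The note on the page: only entries under the Search Base can log in,
    so a DN outside that subtree is rejected (case/whitespace-insensitive)."""
    norm = lambda s: re.sub(r"\s*,\s*", ",", s.strip()).lower()
    return norm(dn).endswith("," + norm(search_base))

if __name__ == "__main__":
    print(parse_server_address("192.168.1.1:10636", "SSL"))
    print(user_dn_from_template("sAMAccountName={0}", "jdoe"))
    print(query_from_template("(uid={0})", "*)(uid=*"))
    print(is_under_search_base("CN=jdoe,OU=Staff,DC=example,DC=com"))
```

The escaped query output shows why the {0} value must be treated as data: a login name containing filter metacharacters is neutralised rather than altering the query the server evaluates.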
