As an example of the process of adding and connecting to an LDAP server, suppose you want to add an LDAP server named Active Directory running on host 192.168.1.1. The default LDAP port is 389. If the server does not use the default port, you must place the port number after a colon “:” (for example, 192.168.1.1:10389). The connection timeout is defined in milliseconds (ms) and specifies how long the system waits for a response from the LDAP server. The following steps add the LDAP server Active Directory using this example.

To add and configure an LDAP server


  1. Click  to open the LDAP User Directories page. 

  2. Click . The Create LDAP directory page opens so that you can configure the LDAP server settings. This connection method does not use Anonymous Bind, so a system username and password are required. The system username is normally an account that is authorized to query other users in the LDAP directory. Make sure that the authorized system username and password are entered (the system username must be a full User DN). The connection information group must look like the following figure. 



  3. Input the configuration properties to connect to the LDAP server.

    The LDAP server connection is secured with the SSL protocol (LDAPS) at the default port number 636. The Encryption Protocol must be SSL, and the LDAP server certificate file must be selected. The Encryption information group must look like the following figure.



    Note

    If the LDAPS port number is not the default (636), the Server Address must be specified with the LDAPS port (for example, 192.168.1.1:10636).


    Now the structure of the LDAP Active Directory in a tree view is as follows.

    All LDAP users necessary to connect to Teamwork Cloud reside in CN=Users. The Search Base of this kind of LDAP server should be CN=Users,DC=example,DC=com. The pattern for the Search Base is {Parent_Of_LDAP_Users},{Grand_Parent_Of_LDAP_Users},…{n}.

    Note

    Only users that are under the Search Base will be able to log in using the User DN Template authentication method; users in other subtrees will be unable to log in. See the Authentication section in Configuring LDAP properties to configure the authentication method using User DN Template.

  4. The Retrieve User DN by using an LDAP query authentication method is selected by default. For Active Directory, the LDAP attribute name and value should be set to “(sAMAccountName={0})”. Besides sAMAccountName, you can use any attribute name, but it must be followed by “={0}”. The Authentication information group is similar to the following figure.

    Note

    If the LDAP server is OpenLDAP or ApacheDS, the default attribute name is uid. If the LDAP server is set for Retrieve User DN by using an LDAP query, the LDAP query for querying a user DN should be entered into the Query box. For more information about LDAP query syntax, see https://www.ietf.org/rfc/rfc2254.txt.

  5. Click . The LDAP server's address and name will be added to the directory.
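The following script, added here as an illustration and not part of Teamwork Cloud or this page, shows the first half of the Retrieve User DN by using an LDAP query method from steps 3 and 4: the login name is substituted into the “(sAMAccountName={0})” template under the Search Base CN=Users,DC=example,DC=com, and the single matching DN is returned for the subsequent bind. The directory contents and the `fake_search` function are constructed stand-ins for a real server; the point it demonstrates is that the substituted value must be escaped per RFC 2254, otherwise a login name such as `*` turns the query into a match-all filter.

```python
import re

# Values from the page: search base and the default Active Directory query template.
SEARCH_BASE = "CN=Users,DC=example,DC=com"
QUERY_TEMPLATE = "(sAMAccountName={0})"

# Constructed stand-in for the directory; a real deployment queries the LDAP server.
FAKE_DIRECTORY = {
    "CN=Alice,CN=Users,DC=example,DC=com": {"sAMAccountName": "alice"},
    "CN=Bob,CN=Users,DC=example,DC=com": {"sAMAccountName": "bob"},
    "CN=Svc,CN=Service,DC=example,DC=com": {"sAMAccountName": "svc"},  # outside the Search Base
}

def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 2254 section 4)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_user_query(template, username):
    """Substitute {0} in the query template with the escaped login name."""
    if not re.fullmatch(r"\([A-Za-z][\w-]*=\{0\}\)", template):
        raise ValueError("query must have the form (attribute={0})")
    return template.replace("{0}", escape_filter_value(username))

def fake_search(base, ldap_filter):
    """Minimal (attribute=value) matcher imitating server-side filter evaluation."""
    attr, raw = re.fullmatch(r"\(([A-Za-z][\w-]*)=(.*)\)", ldap_filter).groups()
    wildcard = "*" in raw  # an unescaped '*' is a wildcard to a real server; match-all here
    literal = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), raw)
    return [dn for dn, attrs in FAKE_DIRECTORY.items()
            if dn.endswith("," + base) and (wildcard or attrs.get(attr) == literal)]

def resolve_user_dn(search, base, template, username):
    """Step one of 'Retrieve User DN by using an LDAP query': return the single matching DN,
    or None when the name is unknown or ambiguous (never bind with a guessed DN)."""
    matches = search(base, build_user_query(template, username))
    return matches[0] if len(matches) == 1 else None

if __name__ == "__main__":
    print(resolve_user_dn(fake_search, SEARCH_BASE, QUERY_TEMPLATE, "alice"))
    print(build_user_query(QUERY_TEMPLATE, "*"))
```

In a real deployment, `fake_search` would be replaced by a search over the LDAPS connection from step 3, bound with the system User DN from step 2.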