On this page:

As an example of the process of adding and connecting to the LDAP server, the connection timeout is defined in milliseconds (ms) and specifies the period of response waiting time from the LDAP server. 

Adding LDAP server

To add an LDAP server


  1. Go to Setting application > LDAP management page. 

  2. In the right bottom corner of the page click . The Create LDAP configuration page opens.

  3. Enter all required data and click the Save button.

The table below shows the components of Create LDAP configuration page.

UI ComponentDescription
Configuration nameEnter the connection name of the LDAP server. A duplicate name is allowed.
Server address

Enter the server IP address/hostname. This is a mandatory field and is editable once created. You will get an error message if you enter a duplicate server IP address or hostname.

PortIf you need to change the default port number.
Connect timeout (ms)The maximum amount of time in milliseconds for the system to system to successfully authenticate a single server (5000 is the default value). If authentication fails, the system will query the next server in the queue. This field is required.
Read timeout (ms)The maximum amount of time in milliseconds for the system to system to successfully query User DN before requiring a similar authentication service (10000 is the default value). This field is required.

Anonymous bind/Administrator bind

A mode of bind specifying whether a user connects to the LDAP server with a specific username or anonymously for finding the Distinguished Name (DN) of a user corresponding to the user trying to log into the TWCloud system.

If you select Anonymous bind, the Username and Password are not required and the system username and password will be disabled.

UsernameThe DN of a user to connect to the LDAP server and perform queries.
PasswordThe system password to connect to the LDAP server and perform queries.

Enabled/Disabled

The option to enable a connection with the LDAP server. When disabled users within LDAP will not be able to sign in.

To save the LDAP server's configuration properties. The function of this button is the same as that of the Save button on the Edit LDAP Configuration page.
Specific for authentication data
Search baseThe authentication methods. It defines the location in the directory from which the LDAP search begins.

LDAP query - To search for users by LDAP query. This is the default option.

User DN Template - The button to search for users by User DN.

User DNTo store a template for mapping user authentication with LDAP servers using the LDAP distinguished names.
Query

An LDAP query for searching, retrieving and importing the DN of a user, e.g., (uid={0}).

Note

  • In the case of a group, the cn attribute is used by default.
  • If you want to use other attributes, you need to change the attribute in the usergroup.attribute parameter in the application.conf TWCloud configuration file as shown below and restart the server after updating the configuration.

    esi.ldap
    {
      ...
      usergroup.attribute = cn
      ...
    }
Specific for encryption data
Encryption ProtocolThe SSL and TLS are data encryption and authentication for a secure connection with the server. You can select None, SSL/TLS. Selecting None indicates you do not need to use an encryption protocol.
LDAP server certificate

The option to select a certificate file. The LDAP Server Certificate file is exported from the LDAP server to make a secure connection between the TWCloud Admin and LDAP server. Only files with the following extensions may be uploaded: crt, pem.

To select a certificate file (enabled if SSL/TLS is selected).

To remove the certificate file (enabled if either SSL/TLS is selected).


Authentication data

The LDAP query authentication method is selected by default. The Active Directory LDAP attribute name and value should be set to (sAMAccountName={0})”. Besides sAMAccountName, you can use any attribute name, but it must be followed with “={0}”. The authentication information group should look like the following figure.


All LDAP users necessary to connect to Teamwork Cloud reside in CN=Users. The Search Base of this kind of LDAP server should be CN=Users,DC=example,DC=com. The pattern for the Search Base is {Parent_Of_LDAP_Users},{Grand_Parent_Of_LDAP_Users},…{n}.

Note

Only users that are under the  Search Base will be able to log in using the User DN Template authentication method. Other users in another subtree will be unable to log in. See the Authentication section in Configuring LDAP properties to configure the authentication method using User DN Template.

If the LDAP server is OpenLDAP or ApacheDS, the default attribute name is uid. If the LDAP server is set for LDAP query, the LDAP query for querying a user DN should be entered into the Query box. Click the following link for more information about the LDAP query https://www.ietf.org/rfc/rfc2254.txt.

Configuring encryption data

The LDAP server connection is secured with SSL/TLS protocol (LDAPS) at default port number 636. The Encryption Protocol must be SSL/TLS, and the LDAP server certificate file must be selected.