Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Content layer
id1327920386
Content column
id1327920407
Content block
id1327920384

On this page:

Table of Contents
maxLevel4

Content block
id1327920396

As an example of the process of adding and connecting to the LDAP server, the connection timeout is defined in milliseconds (ms) and specifies the period of response waiting time from the LDAP server. 

Adding LDAP server

To add an LDAP server


  1. Go to Setting application > LDAP management page. 

  2. In the right bottom corner of the page click . The Create LDAP configuration page opens.

  3. Enter all required data and click click the Save button.


Adding and configuring a new LDAP server.

The table below describes the components of the Create LDAP configuration page.

UI ComponentDescription
Configuration nameEnter the connection name of the LDAP server. A duplicate name is allowed.
Server address

Enter the server IP address/hostname. This is a mandatory field and is editable once created. You will get an error message if you enter a duplicate server IP address or hostname.

PortIf you need to change the default port number.
Connect timeout (ms)The maximum amount of time in milliseconds for the system to system to successfully authenticate a single server (5000 is the default value). If authentication fails, the system will query the next server in the queue. This field is required.
Read timeout (ms)The maximum amount of time in milliseconds for the system to system to successfully query User DN before requiring a similar authentication service (10000 is the default value). This field is required.

Bind as

A mode of bind specifying whether a user connects to the LDAP server with a specific username or anonymously for finding the Distinguished Name (DN) of a user corresponding to the user trying to log into the TWCloud system.

If you select Anonymous, the Username and Password are not required and the system username and password will be disabled.

UsernameThe DN of a user to connect to the LDAP server and perform queries.
PasswordThe system password to connect to the LDAP server and perform queries.

Enabled/Disabled

The option to enable a connection with the LDAP server. When disabled users within LDAP will not be able to sign in.

Image Modified

Click to save the LDAP server configuration properties. The function of this button is the same as that of the Save button on the Edit LDAP Configuration page.
Specific for authentication data
Search baseThe authentication methods. It defines the location in the directory from which the LDAP search begins.

Authenticate using

Select LDAP query tosearch for users by LDAP query. This is the default option.Select User DN Template to search for users by User DN.

User DNTo store a template for mapping user authentication with LDAP servers using the LDAP distinguished names.
Users query

An LDAP query for searching, retrieving, and importing users, e.g., (&(cn={0})(objectClass=user)). Note that Users query and User groups query must be different. Both queries work only in the Search base scope.

User groups queryAn LDAP query for searching, retrieving, and importing user groups, e.g., (&(cn={0})(objectClass=group)). Note that Users query and User groups query must be different. Both queries work only in the Search base scope.
Specific for encryption data
Encryption ProtocolThe SSL and TLS are data encryption and authentication for a secure connection with the server. You can select None, SSL/TLS. Selecting None indicates you do not need to use an encryption protocol.
LDAP server certificate

The option to select a certificate file. The LDAP Server Certificate file is exported from the LDAP server to make a secure connection between the TWCloud Admin and LDAP server. Only files with the following extensions may be uploaded: crt, pem.

Image Modified

To select a certificate file (enabled if SSL/TLS is selected).

Image Modified

To remove the certificate file (enabled if either SSL/TLS is selected).


Authentication data

The LDAP query authentication method is selected by default. The Active Directory LDAP attribute name and value should be set to (sAMAccountName={0})”. Besides sAMAccountName, you can use any attribute name, but it must be followed with “={0}”. The authentication information group should look like the following figure.


All LDAP users necessary to connect to Teamwork Cloud reside in CN=Users. The Search Base of this kind of LDAP server should be CN=Users,DC=example,DC=com. The pattern for the Search Base is {Parent_Of_LDAP_Users},{Grand_Parent_Of_LDAP_Users},…{n}.

Note
titleNote
Only users that are under the  Search Base  will will be able to log in using the User DN Template authentication method. Other users in another subtree will be unable to log in. See the Authentication section in Configuring LDAP properties to configure the authentication method using User DN Template.

If the LDAP server is OpenLDAP or ApacheDS, the default attribute name is uid. If the LDAP server is set for LDAP query, the LDAP query for querying a user DN should be entered into the Query box. Click the following link for more information about the LDAP query https://www.ietf.org/rfc/rfc2254.txt.

Configuring encryption data

The LDAP server connection is secured with SSL/TLS protocol (LDAPS) at default port number 636. The Encryption Protocol must be SSL/TLS, and the LDAP server certificate file must be selected. The encryption information group should look like the following figure.