Configuring LDAP authentication

If you access Dashboards in Infor Ming.le, IFS authentication is used and you cannot use LDAP authentication.

To use LDAP in a non-Infor Ming.le environment, you must set the authentication to LDAP in Service Expert. To configure LDAP, use the Repository dashboard to provide all required LDAP authentication provider settings. After configuring the LDAP authentication, you can register LDAP users and groups.
Note: After you register LDAP authentication in the repository, you can still sign in using a basic user. To sign in with basic user authentication, you must prefix the username with basic:.
  1. Select Dashboards > Farm Administration > Repository.
  2. In the Authentication Provider Settings widget, select LDAP.
  3. Click the Settings icon for LDAP.
  4. Click the General tab and specify this information:
    Server Name
    Specify the unique server name or the IP address of the server where the LDAP directory is located, for example, myldapserver.
    Port
    Specify the port number of the LDAP server.
    Root Directory
    Specify the unique name of the root directory, for example, dc=mysubdomain,dc=mydomain. You can specify multiple roots of the LDAP structure, separated by semicolons.
    User name and password
    Specify the user name and password to access the directory.
  5. Click the Users tab and specify this information:
    Filter
    Specify the information by which users are distinguished from other objects in the LDAP directory. For example, (&(objectCategory=person)(objectClass=user)).
    Membership from Groups
    To activate the membership from groups, select this check box.
    Group Membership
    If Membership from Groups is not selected, specify the name of the attribute type in which the group membership of users is stored. For example, memberof.
    User Name
    Specify the name of the attribute type in which the user name is stored. For example, account_name.
    User ID
    Specify the name of the attribute type in which the unique ID of users is stored. For example, objectsid.
    User Description
    Optionally, specify the name of the attribute type in which the description of users is stored.
  6. Click the Groups tab and specify this information:
    Filter
    Specify the information by which groups are distinguished from other objects in the LDAP directory. For example, objectclass=group.
    User Membership
    Specify the name of the attribute type in which users who belong to a group are stored. For example, member.
    Group Name
    Specify the name of the attribute type in which group names are stored. For example, group_name.
    Group ID
    Specify the name of the attribute type in which the unique ID of groups is stored. For example, group_id.
    Group Description
    Optionally, specify the name of the attribute type in which the description of groups is stored.
  7. Click the Authentication tab and select one or more of these authentication options:
    Basic Authentication (Simple Bind)
    Select this check box to use Basic authentication in the LDAP authentication provider. Other authentication options are disabled if Basic Authentication is selected.
    Secure
    Requests secure authentication. When this check box is selected, the WinNT provider uses NTLM to authenticate the client. Active Directory Domain Services uses Kerberos, and possibly NTLM, to authenticate the client. When the user name and password are a null reference (Nothing in Visual Basic), ADSI binds to the object using the security context of the calling thread. The security context is then either:
    • The security context of the user account under which the application is running, or
    • The client user account that the calling thread is impersonating.
    • Sealing: Encrypts data using Kerberos.
    • Signing: Verifies data integrity to ensure that the data received is the same as the data sent.
    Anonymous
    No authentication is performed.
    Use SSL
    Attaches a cryptographic signature to the message that both identifies the sender and ensures that the message has not been modified in transit.
    Fast Bind
    Specifies that ADSI will not attempt to query the Active Directory Domain Services objectClass property. Therefore, only the base interfaces that are supported by all ADSI objects will be exposed. Other interfaces that the object supports will not be available. A user can use this option to boost the performance in a series of object manipulations that involve only methods of the base interfaces. ADSI does not verify if any of the request objects exist on the server.
    Server Bind
    If your ADsPath includes a server name, select this check box when using the LDAP provider. Do not select this check box for paths that include a domain name or for serverless paths. Specifying a server name without also selecting this check box results in unnecessary network traffic.
    Delegation
    Enables Active Directory Services Interface (ADSI) to delegate the user's security context. This is required for moving objects across domains.
    Read-only server
    For a WinNT provider, ADSI tries to connect to a domain controller. For Active Directory Domain Services, a selected check box indicates that a writable server is not required for a serverless binding.
  8. Click OK.
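
A pre-flight check of the values entered in steps 4 to 7, as an added example that is not part of the Infor documentation or product. The function names are hypothetical, the option names are copied from the Authentication tab, and the DN check is simplified (escaped commas are not handled).

```python
import re

# One RDN such as dc=mydomain (simplified: escaped commas are not handled).
RDN = re.compile(r"^\s*[A-Za-z][A-Za-z0-9-]*\s*=\s*[^,=]+$")

def split_roots(root_directory):
    """Split the Root Directory field on ';' into (valid, invalid) entries."""
    valid, invalid = [], []
    for dn in (part.strip() for part in root_directory.split(";")):
        if not dn:
            continue
        ok = all(RDN.match(rdn) for rdn in dn.split(","))
        (valid if ok else invalid).append(dn)
    return valid, invalid

def filter_problems(ldap_filter):
    """Report an empty filter or unbalanced parentheses."""
    if not ldap_filter.strip():
        return ["filter is empty"]
    depth = 0
    for ch in ldap_filter:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:          # ')' before its '('
            break
    return ["unbalanced parentheses"] if depth else []

def review_auth(selected):
    """Findings for the options ticked on the Authentication tab."""
    selected, findings = set(selected), []
    if not selected:
        findings.append("no authentication option selected")
    if "Anonymous" in selected:
        findings.append("Anonymous: no authentication is performed")
    if "Basic Authentication" in selected:
        findings.append("Basic Authentication: simple bind sends the password "
                        "itself; confirm the link to the LDAP server is protected")
        others = sorted(selected - {"Basic Authentication"})
        if others:
            findings.append("disabled by Basic Authentication: " + ", ".join(others))
    if "Delegation" in selected:
        findings.append("Delegation: the user's security context is delegated; "
                        "required for moving objects across domains")
    return findings

if __name__ == "__main__":
    # Constructed sample values, modelled on the examples in the steps above.
    print(split_roots("dc=mysubdomain,dc=mydomain;mydomain"))
    print(filter_problems("(&(objectCategory=person)(objectClass=user)"))
    print(review_auth({"Basic Authentication", "Fast Bind"}))
```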