Configuring the LDAP authentication

After the farm is successfully configured with Farm Expert, you must configure the LDAP authentication option in EPM Administration.

  1. Log on to EPM Administration with a basic administrator user name and password.

    To log on as a basic user to an LDAP-configured farm, specify these credentials:

    User
    Basic:<user name>
    Password
    <password>
  2. Select EPM Administration > Dashboards Farm Administration > Repository dashboard.
    The Authentication Provider Settings show that LDAP is enabled.
  3. Click the Settings icon for LDAP.
  4. On the LDAP Authentication Provider Settings menu, select the General tab.
  5. Configure and test the connection to the LDAP server.
  6. On the Users tab, specify the filter by which to list users.
  7. Select the Membership from Groups check box if your LDAP server does not allow querying the membership information from the user perspective.
  8. To match the LDAP user properties, specify the User Name, Label_User_ID and User Description fields.
  9. Select the Groups tab and specify the filter by which to list groups.
  10. To match the LDAP group properties, specify the Group Name, Group ID and Group Description fields.
  11. Select the Authentication tab and specify the LDAP authentication type.
    You can choose from these authentication options:
    Basic Authentication (Simple Bind)
    Use this option for standard LDAP authentication using a username and a password.
    Secure Authentication
    Use this option for secure authentication over TLS (for example, STARTTLS or LDAPS).
    Anonymous Authentication
    Use this option if you do not need authentication.
    Use SSL
    Use this option to encrypt the connection using SSL/TLS.
    Fast Bind
    Use this option if you want to expose only the base interfaces that are supported by all Active Directory Services Interface (ADSI) objects.
    Server Bind
    Use this option if your ADsPath includes a specific server name (not for domain or serverless paths).
    Delegation
    Use this option to allow ADSI to delegate the security context.
    Read-only server
    Use this option if you do not need a writable server for a serverless binding.
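
The two membership lookups behind the Membership from Groups check box in step 7, shown as an added example that is not the product's own code. The attribute names (memberOf, member), the group filter and every directory entry are constructed assumptions; the page does not show the queries that EPM Administration sends.

```python
# Added example. Attribute names (memberOf, member) and the group filter are
# assumptions; every entry below is constructed sample data.

def escape_filter_value(value):
    """Escape a value for an LDAP search filter (RFC 4515 special characters)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

ALICE = "uid=alice,ou=people,dc=example,dc=com"
BOB = "uid=bob,ou=people,dc=example,dc=com"
ADMINS = "cn=admins,ou=groups,dc=example,dc=com"
VIEWERS = "cn=viewers,ou=groups,dc=example,dc=com"

USERS = {
    ALICE: {"uid": "alice", "memberOf": [ADMINS]},
    BOB: {"uid": "bob"},  # this entry exposes no membership attribute
}
GROUPS = {
    ADMINS: {"cn": "admins", "member": [ALICE, BOB]},
    VIEWERS: {"cn": "viewers", "member": [BOB.upper()]},  # DN stored in other case
}

def groups_from_user(user_dn):
    """User perspective: read the membership attribute on the user's entry."""
    return sorted(USERS[user_dn].get("memberOf", []))

def group_membership_filter(user_dn, group_filter="(objectClass=groupOfNames)"):
    """Group perspective: the search filter that finds groups listing the user.
    The DN is escaped so that characters in it cannot alter the filter."""
    return "(&%s(member=%s))" % (group_filter, escape_filter_value(user_dn))

def groups_from_groups(user_dn):
    """Group perspective, evaluated against the in-memory sample groups.
    DNs are compared case-insensitively (a simplification of DN matching)."""
    wanted = user_dn.lower()
    return sorted(dn for dn, entry in GROUPS.items()
                  if wanted in (m.lower() for m in entry.get("member", [])))

if __name__ == "__main__":
    for dn in (ALICE, BOB):
        print(dn, groups_from_user(dn), groups_from_groups(dn))
        print("  ", group_membership_filter(dn))
```

For the sample user bob, the user-perspective lookup returns no groups while the group-perspective lookup returns both, which is the situation the check box is meant for.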