LDAP Configuration

To begin, select SETTINGS > USER MANAGEMENT > Remote Authentication.

Image of the Lighthouse UI showing how to set up LDAP Configuration

  1. Select LDAP from the Scheme drop-down menu.

  2. Choose the desired Mode from the drop-down menu.

    • LDAPDownLocal

    • LDAP: Default behavior

    • LDAP/Local

    • Local/LDAP

Note: See the Glossary for more information about these modes.

  3. Add the Address and, optionally, the Port of the LDAP server to query.

  4. Add the LDAP Base DN that corresponds to the LDAP system being queried.
    For example, if a user’s distinguished name is cn=John Doe, dc=Users, dc=ACME, dc=com, the LDAP Base DN is dc=ACME, dc=com.

  5. Add the LDAP Bind DN. This is the distinguished name of a user with sufficient privileges on the LDAP system to perform the lookups needed to retrieve users' usernames and the list of groups they are members of.

  6. Add and confirm a password for the binding user.

  7. Add the LDAP username attribute. This depends on the underlying LDAP system. Use sAMAccountName for Active Directory systems, and uid for OpenLDAP-based systems.

  8. Add the LDAP group membership attribute. This is only needed for Active Directory and is generally memberOf.

  9. If desired, check the Ignore referrals option. When checked, LDAP will not follow referrals to other remote authentication servers when logging users in to Lighthouse. If multiple remote authentication servers exist on the network, checking this option may improve login times.

  10. Under the SSL section, choose the desired Server protocol.

    1. LDAP over SSL preferred: this will attempt LDAPS before trying LDAP without SSL

    2. LDAP (no SSL) only: non-SSL LDAP is always used

    3. LDAP over SSL only: LDAP over SSL is always used

  11. If desired, check Ignore SSL certificate errors to ignore any SSL certificate errors. With this option checked, the LDAP server's certificate is not validated.

  12. CA Certificate is used to upload an SSL certificate, which is used to verify any LDAP servers you specify on the page.

Note: The certificate will be uploaded but will not be used if you've chosen to ignore certificate errors.

  13. Install the CA certificate by clicking the Browse… button and locating the appropriate file.

  14. Click Apply.

Note: Multiple servers can be added. The LDAP subsystem queries them in a round-robin fashion.
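
The following review of a set of form values is an added example, not Lighthouse code. It models the fields as a Python dict with hypothetical key names, flags the SSL choices the steps above describe as dropping encryption or certificate checking, and checks that a known user's DN falls under the Base DN. The sample values are constructed; the user DN and Base DN follow the page's example.

```python
import re

# Option labels are the ones shown in the Server protocol drop-down.
NO_SSL, SSL_PREFERRED, SSL_ONLY = (
    "LDAP (no SSL) only", "LDAP over SSL preferred", "LDAP over SSL only")

def split_dn(dn):
    """Split a DN into normalized RDNs; a backslash-escaped comma does not split."""
    rdns = re.split(r"(?<!\\),", dn)
    return [re.sub(r"\s*=\s*", "=", r.strip().lower()) for r in rdns if r.strip()]

def is_under(dn, base_dn):
    """True when dn lies at or below base_dn, i.e. base_dn is its trailing RDNs."""
    rdns, base = split_dn(dn), split_dn(base_dn)
    return bool(base) and rdns[-len(base):] == base

def review(cfg, sample_user_dn):
    """Return (code, message) findings for one set of form values (hypothetical keys)."""
    findings = []
    proto = cfg["server_protocol"]
    if proto == NO_SSL:
        findings.append(("no-tls", "binds and logins are sent without SSL"))
    elif proto == SSL_PREFERRED:
        findings.append(("fallback", "falls back to LDAP without SSL if LDAPS fails"))
    if proto != NO_SSL and cfg["ignore_cert_errors"]:
        msg = "server certificate is not verified"
        if cfg.get("ca_certificate"):
            msg += "; the uploaded CA certificate is not used"
        findings.append(("unverified", msg))
    if not is_under(sample_user_dn, cfg["base_dn"]):
        findings.append(("base-dn", "sample user is outside the Base DN"))
    is_ad = cfg["username_attribute"].lower() == "samaccountname"
    if is_ad and not cfg.get("group_attribute"):
        findings.append(("group-attr", "Active Directory needs a group membership attribute"))
    return findings

# Constructed sample values for a weak and a corrected configuration.
USER_DN = "cn=John Doe, dc=Users, dc=ACME, dc=com"
WEAK = {"server_protocol": SSL_PREFERRED, "ignore_cert_errors": True,
        "ca_certificate": "acme-ca.pem", "base_dn": "dc=Lab, dc=ACME, dc=com",
        "username_attribute": "sAMAccountName", "group_attribute": ""}
HARDENED = {"server_protocol": SSL_ONLY, "ignore_cert_errors": False,
            "ca_certificate": "acme-ca.pem", "base_dn": "dc=ACME, dc=com",
            "username_attribute": "sAMAccountName", "group_attribute": "memberOf"}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, review(cfg, USER_DN))
```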