LDAP Configuration
- Select > USERS & ACCOUNTS > Remote Authentication. The REMOTE AUTHENTICATION page displays.
- From the Scheme options, select LDAP.
- Select the required Mode:
  - LDAPDownLocal
  - LDAP Mode
  - LocalLDAP
  - LDAPLocal
- Enter the Address and optionally the Port of the remote authentication server to query. The port setting defaults to LDAP/LDAPS standard ports if not entered.
  Note: Click Add Authentication Server to add multiple servers. The LDAP subsystem queries them in a round-robin fashion.
- Enter the LDAP Base DN that corresponds to the LDAP system being queried. For example, if a user’s distinguished name is cn=John Doe,dc=Users,dc=ACME,dc=com, the LDAP Base DN is dc=ACME,dc=com.
- Enter the LDAP Bind DN. This is the distinguished name of a user with privileges on the LDAP system to perform the lookups required for retrieving the username of the users, and a list of the groups they are members of.
- Enter and confirm the Bind DN Password for the binding user.
- Enter the LDAP username attribute. This depends on the underlying LDAP system. Use sAMAccountName for Active Directory systems, and uid for OpenLDAP based systems.
- Enter the LDAP group membership attribute. This is only required for Active Directory and is generally memberOf.
- If required, check the Ignore referrals option. When checked, LDAP will not follow referrals to other remote authentication servers when logging users in to Lighthouse. If multiple remote authentication servers exist on the network, checking this option may improve login times.
- Under the SSL section, choose the required Server protocol.
  - LDAP over SSL preferred: this will attempt LDAPS before trying LDAP without SSL
  - LDAP (no SSL) only: non-SSL LDAP is always used
  - LDAP over SSL only: LDAP over SSL is always used
- Check Ignore SSL certificate errors to ignore any SSL certificate errors encountered when accessing LDAPS servers. If this option is checked, an uploaded certificate file will not be used.
- To UPLOAD CERTIFICATE FILE to validate LDAPS servers, navigate to the directory containing the appropriate upgrade image file and drag and drop the image onto the target page section or click select file to open a dialog.
  Note: Supported files: .crt, .cer, .ca-bundle, .p7b, .p7c, .p7s, .pem, .txt
- Click Apply.
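
The protocol, certificate, Base DN and attribute choices in the steps above interact, so the following pre-apply check flags the combinations that weaken the connection or break lookups. It is an added example, not Lighthouse code: `audit`, `is_under`, `split_dn` and the `cfg` keys are hypothetical names, and the sample values are constructed from the DN example on this page.

```python
# Added example; audit() and the cfg keys are hypothetical, not a Lighthouse API.
SSL_ONLY, SSL_PREFERRED, NO_SSL = (
    "LDAP over SSL only", "LDAP over SSL preferred", "LDAP (no SSL) only")

def split_dn(dn):
    """Split a DN into (attr, value) RDNs, honouring backslash-escaped commas."""
    parts, cur, esc = [], "", False
    for ch in dn:
        if esc or ch != ",":
            cur += ch
            esc = ch == "\\" and not esc
        else:
            parts.append(cur)
            cur = ""
    parts.append(cur)
    # Lowercasing approximates the case-insensitive matching of cn/ou/dc values.
    return [tuple(p.strip().lower() for p in rdn.split("=", 1)) for rdn in parts]

def is_under(dn, base_dn):
    """True when dn sits at or below base_dn, compared RDN by RDN."""
    base = split_dn(base_dn)
    return split_dn(dn)[-len(base):] == base

def audit(cfg):
    """Return (code, message) findings for a planned set of form values."""
    out, proto = [], cfg["protocol"]
    if proto == NO_SSL:
        out.append(("cleartext", "Bind DN password and logins are sent unencrypted"))
    elif proto == SSL_PREFERRED:
        out.append(("fallback", "LDAP without SSL is tried if LDAPS fails"))
    if proto != NO_SSL and cfg["ignore_cert_errors"]:
        out.append(("no-cert-validation", "LDAPS server identity is not verified"))
    if (cfg["port"], proto) in {(389, SSL_ONLY), (636, NO_SSL)}:
        out.append(("port-mismatch", "Port is the standard one for the other protocol"))
    if not is_under(cfg["sample_user_dn"], cfg["base_dn"]):
        out.append(("user-outside-base", "Sample user DN is not under the Base DN"))
    if cfg["username_attr"].lower() == "samaccountname" and not cfg["group_attr"]:
        out.append(("missing-group-attr", "Active Directory needs a group attribute"))
    return out

# Constructed sample values, using the DN example from the steps above.
WEAK = {"protocol": SSL_PREFERRED, "ignore_cert_errors": True, "port": None,
        "base_dn": "dc=ACME,dc=com", "username_attr": "sAMAccountName",
        "sample_user_dn": "cn=John Doe,dc=Users,dc=ACME,dc=com", "group_attr": ""}
HARDENED = dict(WEAK, protocol=SSL_ONLY, ignore_cert_errors=False,
                group_attr="memberOf")

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, [code for code, _ in audit(cfg)] or "no findings")
```

The DN comparison is done per RDN rather than with a string suffix test, so a name such as dc=BADACME,dc=com is not mistaken for a child of dc=ACME,dc=com.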