Adding LDAP servers

Add an LDAP server to retrieve users from it.

The license server only retrieves LDAP users configured in the following objectClass types: person, organizationalPerson, and inetOrgPerson.

1. Click Server Options.

The Server Options dialog box opens.

2. Select Active Directory/LDAP from the Authentication category.

3. Click Add LDAP.

The Add LDAP Server dialog box opens.

4. Enter a server Name, the LDAP server IP address or alias as the Host, and the Port number. The default port is 389.

If the license server is running on Windows and you select the Use SSL option, the port number automatically changes to 636, which is the standard port for LDAP SSL on Windows. The standard LDAP SSL port on Linux is 389.

5. Enter the Base directory DN to specify where to start searching from in the LDAP tree. For example, your Base DN is wysicorp.com and includes development, sales, and support nodes. Entering o=sales, dc=wysicorp, dc=com instructs the license server to start searching from sales.

6. Select Use SSL to encrypt authentication messages sent over the network.

Selecting this option requires the license server to use the Secure Sockets Layer (SSL) protocol when sending and receiving authentication transmissions between the license server, the LDAP server, and Helix ALM products. We recommend selecting this option if the license server is configured to use simple password encryption.

7. Select the type of Password encryption to use when sending usernames and passwords over the network.

  • Simple sends usernames and passwords as plain text. We recommend selecting the Use SSL option if you use simple password encryption. The Username and Password fields are required if this option is selected.
  • DIGEST-MD5 sends usernames and passwords as encrypted text. This option is only available if the license server is running on Linux. The Username, User DN, and Password fields are required if this option is selected.

8. Optionally enter the Host address and Port number of a backup server.

The backup server is only queried if the primary server cannot be reached.

9. Select Use anonymous binding for query to anonymously access the LDAP server.

You must be an authenticated, non-anonymous user to perform LDAP operations, such as password checking.

10. Enter a Username, User DN, and Password if anonymous binding is not enabled.

  • Username is the name of the user to use to connect to the LDAP server. The license server will try to automatically connect to the LDAP server using one of the supported SASL authentication mechanisms.
  • User DN is the distinguished name (DN) of the user. This sequence of attributes and values specifies the location of an entry in the LDAP tree. For example: cn=Administrator, cn=users, dc=addoej, dc=wysicorp,dc=com.
  • Password is the password of the user to use to connect to the LDAP server.

11. Select an LDAP user attribute and click Edit to map the attribute to a license server user field. See Mapping Active Directory and LDAP attributes.

12. Click Test LDAP Connection to test the LDAP server connection.

If the connection is not successful, correct any mistakes and retest it.

13. Click OK to save the changes.

The server is added.

Servers are queried in the order they are displayed. To reorder the servers, select a server and click Top, Move Up, Move Down, or Bottom.