LDAP Configuration (part 2)

This form is only shown when Extended Server is deployed and either the LDAP Authentication mechanism or Windows Integrated Authentication has been selected.

Authentication Provider Configuration

The second form lets you configure the LDAP authentication provider.

LDAP Authentication Provider Configuration.

Note: During browse operations in the LDAP directory you might be asked to trust additional servers (when using SSL). This happens because LDAP databases are distributed and a request might be directed to another physical server in the network.

Note: The default AD group "Domain Users" cannot be used for IFS Group membership. To achieve the same functionality, use the built-in group users as the "IFS Group". The name of the group is case-sensitive (all lower case) and has to be written manually in the "Group membership" text field. This group will authorise all authenticated users.

Actions

  1. User Base DN: Browse and select the base folder where users are located in the LDAP directory.
  2. User Name Filter: Syntax filter to query the Active Directory.
  3. User Name Attribute: Attribute for user management.
  4. Group Base DN: Browse to the root folder containing groups in the LDAP directory.
  5. Group Name Filter: Syntax filter to query the Active Directory.
  6. Group Membership: Browse and select the group which allows users that belong to this group to run IFS Applications.
  7. Fully Qualified Domain Name: The FQDN for the users running the application. Used for security checkpoints. This value is populated automatically when Users or Groups are selected with the Browse button.
  8. Press Next

About Base DN

A DN (Distinguished Name) is a sequence of relative distinguished names (RDNs) connected by commas.
The following is an example of a distinguished name:

CN=Erik Dahllöf,OU=Employees,OU=IFSUsers,DC=corpnet,DC=ifsworld,DC=com

The Base DN requested is the base for a recursive search, i.e. the point from which the search for a particular user (or group) starts. The closer to the root a Base DN is set, the more of the tree is scanned. This has a negative impact on performance, but possibly more users (or groups) are included. It is recommended to narrow this down as much as possible. To include the above user, the Base DN would be:

OU=Employees,OU=IFSUsers,DC=corpnet,DC=ifsworld,DC=com

OU=IFSUsers,DC=corpnet,DC=ifsworld,DC=com and DC=corpnet,DC=ifsworld,DC=com would yield the same result (but are less optimized).
The larger the tree is the more important it is to limit the search.
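
The following is an added example, not part of the original page or of IFS code. It splits DNs into RDNs, checks which entries a recursive search from a candidate Base DN can reach, and derives the narrowest Base DN that still covers a given set of users. The function names are hypothetical, the two extra DNs are constructed samples, and case-insensitive comparison is an assumption.

```python
# Added example (not IFS code): DN handling for choosing a Base DN.
# Function names are hypothetical; comparison is case-insensitive (assumption).

def split_rdns(dn):
    """Split a DN into RDNs on commas, keeping backslash-escaped commas intact."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):   # escaped character: copy both
            cur.append(dn[i:i + 2])
            i += 2
            continue
        if dn[i] == ",":                         # unescaped comma ends an RDN
            rdns.append("".join(cur).strip())
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    rdns.append("".join(cur).strip())
    return [r for r in rdns if r]

def normalize(dn):
    """List of (attribute, value) pairs, case-folded for comparison."""
    pairs = (rdn.partition("=") for rdn in split_rdns(dn))
    return [(a.strip().casefold(), v.strip().casefold()) for a, _, v in pairs]

def in_scope(entry_dn, base_dn):
    """True if a recursive search starting at base_dn can reach entry_dn."""
    entry, base = normalize(entry_dn), normalize(base_dn)
    return len(base) <= len(entry) and entry[len(entry) - len(base):] == base

def narrowest_base(entry_dns):
    """Deepest container DN that still includes every entry in entry_dns."""
    parents = [split_rdns(dn)[1:] for dn in entry_dns]   # drop each leaf RDN
    common = []
    for level in zip(*(reversed(p) for p in parents)):   # walk down from the root
        if len({normalize(r)[0] for r in level}) != 1:
            break
        common.append(level[0])
    return ",".join(reversed(common))

SUFFIX = "OU=IFSUsers,DC=corpnet,DC=ifsworld,DC=com"
ERIK = "CN=Erik Dahllöf,OU=Employees," + SUFFIX          # DN from the page
JANE = "CN=Doe\\, Jane,OU=Employees," + SUFFIX           # constructed sample
SVC = "CN=Batch Runner,OU=Services," + SUFFIX            # constructed sample

if __name__ == "__main__":
    for base in ("OU=Employees," + SUFFIX, SUFFIX, "OU=Services," + SUFFIX):
        print(base, "->", [in_scope(dn, base) for dn in (ERIK, JANE, SVC)])
    print(narrowest_base([ERIK, JANE]))
    print(narrowest_base([ERIK, JANE, SVC]))
```

Running the same check against the DNs of the accounts that must be able to log in shows whether a proposed Base DN is too narrow (a required user falls outside it) or wider than needed.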