Hello. In this video you will learn how to configure LDAP authentication in ACDI.
By default, after installation, you can log into ACDI using the local accounts you’ve defined during installation. Information about a user can be found in the User Profile in the top right corner.
To configure LDAP authentication, you need to do the following: go to “Administration,” then “Core Engine,” and then “LDAP Connections.”
There, select the LDAP connection you will use for authentication and enable authentication using the switcher.
The next step is to go to “LDAP authentication settings.”
On this page, you must define all attributes and scopes for the authentication operation. First of all, the search scope of the user you will use to authenticate.
Then the base containers where you’ll search for users. Multiple options mean you will search inside either the user’s ACDI or the user’s data.
The search scope is set to subcontainer. To define user roles and permissions you need to use the default group membership option.
Any other linkage attribute between the user and the object that will have entitlements can be defined. In this case, you will use groupMembership.
“Write mapping attribute”: by default, in eDirectory, the only writable attribute for groups is “description”. “Description” is set as the default. You can always create an auxiliary class, add a custom attribute to a group object, and set entitlements for ACDI inside your custom attribute.
“Filter group names with regular expressions”: this defines which groups you will need to search to define entitlements.
Here you also see the “Additional LDAP filter”. It can help if you would like to use a custom attribute for role assignments. The “Authentication timeout” is set in seconds.
These are the attributes that will be used to search users: the default settings are “cn” and “mail.”
Additional information will be received from LDAP and saved in the session.
When you modify this page, you will need to save the settings and create a new user or use a new one.
Now the groups that will be used for entitlements configuration must be created.
Here is a new group; let’s add the users you will use for LDAP authentication. In this case, the user will be “bobt”.
An important thing: you need at least one value in the description. Now add an empty JSON string “{}” as the description. Apply changes.
Okay, now you can proceed to ACDI.
Should you have any questions or require any assistance, please do not hesitate to contact us at any time at swsupport.skypro@skypro.ch.