12.10. LDAP Login
The LDAP (Lightweight Directory Access Protocol) is a login option that authenticates users against an LDAP server instead of locally created users.
There are two steps to setting up a user to login via LDAP
- configure LDAP domain
- create a user and specify “LDAP Login”
After you have created a LDAP Domain , a checkbox called “LDAP Authentication” appears at the login screen.
The rules are
- if a user is created with the “LDAP login only” option checked at user creation
- he/she will not be allowed to login with a local password
- if a user is created without “LDAP login only”
- he/she can login with a local OR domain password depending on if the “LDAP authentication” is checked at the login screen
12.10.1 Configure LDAP Domain
The first step is to configure the LDAP domain against which the authentication will be done.
Fill in the details as shown below.
|Domain Name||LDAP server domain name|
|Port||LDAP port number, usually 389|
|Base DN or Bind DN||Base distinguished name used for Binding to the LDAP domain.|
|Object Context||Object Context. This is the base DN that users are searched in when they login|
|Filter attribute||The actual attribute name that is used to match the user. Examples :
12.10.2 Create a LDAP enabled user
Next you need to create a new LDAP enabled user.
Here there are two options
|LDAP Only login||The user can only login via LDAP auth and not have a local password|
|LDAP + Local auth||The user can choose to login locally or via LDAP auth|
As per your company policy you can choose to create any one of the two types of users.
12.10.3 Admin user is always local
The super admin user with login name = admin always uses a local login.
12.10.4 Login mode
After you create a LDAP Domain, the login screen will show a checkbox called “LDAP authentication”.
- for users with LDAP Only auth — they have no choice but to enter their LDAP password
- for users with LDAP or Local auth — if they do not check the “LDAP authentication” checkbox they will use the local login/password.
If you experience errors you can try the following.
- Login using a LDAP enabled user and check the “LDAP Authentication” check box
- then check the Webtrisul log file for errors. The log file is at