EV Observe - Configure Authentication on an LDAP Directory

Last modified on 2023/06/26 10:03

Note: Only for customers using the on-premises solution

LDAP (Lightweight Directory Access Protocol) is a TCP/IP protocol used to run queries in the corporate directory. It is used by applications that run a user authentication process.

A read-only user account is used to read and browse through corporate LDAP directories and to validate the credentials of users who want to log in to EV Observe.

Notes

Screen description

[Screenshot: LDAP authentication.png]

Domain: Domain of the LDAP directory used for creating user accounts.

  • The FQDN is not required; for example, do not add a .LAN suffix.

IP address/DNS name: IP address or DNS name of the server hosting the directory.

Port: Port for connecting to the directory.

Enable SSL support: Indicates whether the SSL protocol is enabled and can be used to secure the connection to the directory (Yes) or is disabled (No).

Attributes: Attributes of the user object in the LDAP directory, used to link the directory with EV Observe.

Best practice: Refer to the configuration of your LDAP directory to map these fields to it. The default values are the most commonly used ones.

  • Login: This is the name of the column where user logins are stored in the directory.
    • The login must be a unique ID in the following format, <domain><login>.
  • Base DN: Node used for the search query in the directory.
    • Indicate the highest level of the tree structure.
  • First name: This is the name of the column where user first names are stored in the directory.
  • Last name: This is the name of the column where user last names are stored in the directory.

LDAP account: User account for running searches on users and for testing the connection to the directory.

  • The user account must have read-only access.
  • Email: Email address of the account.
  • Password: Password of the account.

LDAP filter: Expression used to filter results in the directory.

  • The default value will filter users who have a specified email address.

Example: Group management

(&(objectCategory=user)(sAMAccountName=*)(memberOf=cn=GG_SUPERVISION_SI,ou=groupes,ou=Service-U,dc=<dc>,dc=lan))

Debug mode: Indicates whether debug mode is enabled, which changes the error output returned (Yes), or is disabled (No).

Maximum connection time: Maximum wait time authorized for establishing the connection with the directory.
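Added Python example (not EV Observe's own code) showing how the settings on this screen fit together: a constructed configuration using the fields above, RFC 4515 escaping of a login before it is placed into the LDAP filter, a check that a filter is well formed, and the mapping of a directory entry onto the Login, First name, Last name and Email fields. The host, domain, attribute names and timeout unit are assumptions.

```python
# Constructed settings matching the screen fields above; values are illustrative.
LDAP_CONFIG = {
    "domain": "EXAMPLE",                  # domain only, no FQDN suffix such as .LAN
    "host": "ldap.example.internal",
    "port": 636,
    "ssl": True,                          # Enable SSL support = Yes
    "base_dn": "dc=example,dc=lan",       # highest level of the tree
    "login_attr": "sAMAccountName",
    "first_name_attr": "givenName",
    "last_name_attr": "sn",
    "mail_attr": "mail",
    "timeout": 5,                         # maximum connection time, in seconds (assumed unit)
    # The group-management filter from the page, with the outer parentheses RFC 4515 requires.
    "filter": "(&(objectCategory=user)(sAMAccountName=*)"
              "(memberOf=cn=GG_SUPERVISION_SI,ou=groupes,ou=Service-U,dc=example,dc=lan))",
}

# RFC 4515 escapes for the characters that would otherwise change a filter's meaning.
_FILTER_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}

def escape_filter_value(value):
    """Escape a value so it is matched literally when placed inside a filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)

def filter_is_well_formed(ldap_filter):
    """True if the filter is a single parenthesised expression with balanced parentheses."""
    if not (ldap_filter.startswith("(") and ldap_filter.endswith(")")):
        return False
    depth = 0
    for i, ch in enumerate(ldap_filter):
        depth += {"(": 1, ")": -1}.get(ch, 0)
        if depth < 0 or (depth == 0 and i < len(ldap_filter) - 1):
            return False
    return depth == 0

def user_lookup_filter(config, login):
    """Narrow the configured filter to one login; the login is escaped, never inserted raw."""
    return "(&%s(%s=%s))" % (config["filter"], config["login_attr"], escape_filter_value(login))

def map_user_entry(config, entry):
    """Map a directory entry (attribute -> value) onto the fields shown by the connection test;
    an attribute missing from the directory gives None, i.e. an empty column."""
    return {
        "login": entry.get(config["login_attr"]),
        "first_name": entry.get(config["first_name_attr"]),
        "last_name": entry.get(config["last_name_attr"]),
        "email": entry.get(config["mail_attr"]),
    }
```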

Procedure: How to configure LDAP authentication

Step 1: Create the new LDAP directory

1. Go to the Web app.

2. Select Administration > External connections > LDAP in the menu.

3. Select Yes in the Do you want to use an LDAP directory field.

4. Enter the information for the LDAP directory.

5. Click Apply.

Step 2: Check the connection to the LDAP directory

1. Click Test.

2. Correct any errors and run the test again.

[Screenshot: LDAP authentication - Connection errors.png]

If the connection is successful:

  • The results for the LDAP configuration test will appear.
  • The number of users retrieved during the test will appear.
  • Information on one of the users retrieved will appear, i.e. login, first name, last name and email.

Note: If some of the data is missing from the LDAP directory, the column on the right will not contain any result.

[Screenshot: LDAP authentication - Connection success.png]
