| 10.5.5. LDAP | ||
|---|---|---|
|
10.5. Integration |  |
| 10.5.5. LDAP | ||
|---|---|---|
|
|
10.5. Integration | |
Only available in Klaros-Testmanagement Enterprise Edition
![[Tip]](images/tip.png) |
Tip |
|---|---|
|
To access an LDAP or Active Directory server, it is necessary to set numerous configuration parameters first. When in doubt, please consult your system administrator about the values to enter here. |
Parameters required to contact the LDAP server:
|
Server Address |
The URI under which the LDAP server resides (e.g. ldap.acme.com).
|
|
Server Port |
The port on which the LDAP server is located (typically
389
for unencrypted connections or 686 for LDAPS).
|
|
Secure (LDAPS) |
If this option is enabled, the encrypting LDAPS protocol is used. |
|
Bind DN |
The Distinguished Name of the user account that will log on to the server and execute the bind operation. |
|
Bind Credentials |
The password credential of the user account that will log on to the server and execute the bind operation. |
|
Follow Referrals |
If this option is enabled, searching a directory automatically follows any referrals the server might return. When disabled referrals will be ignored and other servers will not be contacted during the search. |
Parameters needed to locate a user account:
|
User Context DN |
The distinguished name of the path under which user accounts will be searched (e.g.
ou=Users,dc=verit,dc=de).
|
|
User Object Classes |
A comma separated list of the LDAP object classes a user account must
match to be included in the search (e.g. person,posixAccount).
|
|
Enable naive DN Matching Mode |
If this option is enabled, the returned DN of a user search is directly used to authenticate the user. If this option is disabled, the following two parameters will be used in conjunction with the User Name Attribute to build a DN to authenticate with. |
|
User DN Prefix |
The prefix of the distinguished name used to locate user accounts (e.g. uid=).
|
|
User DN Suffix |
The suffix of the distinguished name used to locate the user account (e.g.
,ou=Users,dc=acme,dc=com).
When locating user accounts, the prefix, the account id and the suffix are concatenated to form the
distinguished name of the user account.
|
Parameters describing the attributes of a user account:
|
User Search Attribute |
The LDAP username attribute which corresponds to the Klaros-Testmanagement account name (e.g. uid).
|
|
User Name Attribute |
The LDAP attribute which will be used in the DN bind action which authenticates the user (if naive DN Matching mode is deactivated). In a simple scenario this will match the User Search Attribute.
If your LDAP Server setup does not allow you to bind a user with the specified user search
attribute you should specify the corresponding attribute here (e.g. |
|
User Password Attribute |
The LDAP password attribute which corresponds to the Klaros-Testmanagement account password (e.g.
userPassword).
|
|
Full Name Attribute |
The LDAP attribute containing the full name of the user (e.g cn).
If specified, this will be automatically be transferred into the Klaros-Testmanagement
database upon first successful login.
|
|
Email Attribute |
The LDAP attribute containing the email address of the user account (e.g. mail).
If specified, this will automatically be transferred into the Klaros-Testmanagement database upon the first successful
login.
|
|
Enabled Attribute |
If specified, this LDAP boolean attribute defines whether a user is allowed to log in. Not all directory servers provide such an attribute. |
If the Set as default checkmark is activated, the login screen will default to LDAP authentication for all users. It is still possible for existing users to authenticate against the Klaros-Testmanagement user database if selected in the login screen.
Use the Disable automatic user registration option to prevent the automatic creation of a user in Klaros-Testmanagement upon the first successful login.
Upon the first successful login a matching password hash is created in the local user database so that users can also authenticate themselves against the local user database with their LDAP password. If the Disable Password Synchronization checkmark is activated, this synchronization will not be performed and users will only be able to log in locally when an administrator assigns them a local password interactively.
Clicking the Test LDAP access button tests whether the parameters entered on this page are correct. The test process in divided in two phases:
In the first phase, an attempt is made to log on to the server and a search for all available users is performed. If this is successful, a dialog is displayed listing the users found in the LDAP directory.
In the second phase, a username and password can be entered to test the LDAP login of a user. The result of the login attempt is logged in the log panel.
|
|
 |
|
| 10.5.4. Network |  |
10.5.6. CAS |
