ViPR SRM 3.6 – Configuring LDAP authentication

Overview

Learn how to configure user authentication to use an LDAP server.

By default, user credentials are authenticated using the local authentication method, but you can configure user authentication to use an LDAP server instead. You can also test connectivity to the LDAP server, test individual user credentials to verify that they are valid and that authentication is working properly, and set the order in which authentication methods are used.

Specifying an LDAP server for authentication

LDAP configurations can be diverse and complex. This procedure shows how to specify a typical LDAP configuration for authentication. For more complex configurations, where additional properties are needed for authentication to succeed, use Add Property to add the required properties and their values.

If LDAP was configured prior to upgrading to ViPR SRM 3.6.1, then the properties and values listed in the server.xml file located on the Frontend host (opt/APG/Web-Servers/Tomcat/Default/conf) can be used to identify which properties need to be added to configure LDAP authentication in ViPR SRM 3.6.1.

If you need to bind roles to LDAP/AD groups, the following properties typically need to be added:

userRoleName="memberOf"
roleBase="CN=SRM_Read,OU=Groups,OU=Service Accounts,DC=XXX,DC=corp"
roleSubtree="true"
roleName="CN"
roleSearch="(uniqueMember={1})"

Procedure

  1. Navigate to Centralized Management.
  2. From the CONFIGURATION drop-down, select AUTHENTICATION.
    The Authentication Settings dialog appears.
  3. Click Add a realm.
  4. In Authentication Type, select LDAP.
  5. Enter the following settings:
    • In connectionURL, enter the connection URL for the server to be contacted.
    • In alternateURL, enter an alternate URL that can be used if connection to the connectionURL fails.
    • In connectionName, enter the connection user name for the server to be contacted.
    • In connectionPassword, enter the connection password for the server to be contacted.
    • In userBase, enter the base element for user searches.
    • In userSearch, enter the message format used to search for a user.
    [Figure: LDAP configuration settings in the Authentication Settings dialog]

  6. Click the Test Realm Connectivity icon to test connectivity to the LDAP server.
    The Test Realm Connectivity Passed icon indicates that connectivity to the LDAP server has been established.
    The Test Realm Connectivity Failed icon indicates that connectivity to the LDAP server failed.
  7. If authentication failed, use Add Property to add additional properties and their values and retest connectivity.
  8. Click Save.
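Before entering a realm in the dialog, it is worth checking the property values for the mistakes that most often make the connectivity or authentication test fail. The pre-flight check below is an added example, not code from the ViPR SRM product: it flags a plain ldap:// connectionURL (the connectionName password and every tested user's password would cross the network unencrypted), stray whitespace in DN values such as the roleBase shown above, and search filters that lack a user placeholder. All realm values are constructed placeholders, and the {0}/{1} placeholder convention for userSearch and roleSearch is assumed from Tomcat's JNDIRealm, which the server.xml reference above points to.

```python
import re
from urllib.parse import urlparse

# Constructed sample realm (placeholders, not a real deployment): the settings from
# step 5 plus the role-binding properties; roleBase keeps the stray whitespace on purpose.
SAMPLE_REALM = {
    "connectionURL": "ldap://dc01.example.corp:389",
    "alternateURL": "ldaps://dc02.example.corp:636",
    "connectionName": "CN=srm-bind,OU=Service Accounts,DC=example,DC=corp",
    "connectionPassword": "placeholder-secret",
    "userBase": "OU=Users,DC=example,DC=corp",
    "userSearch": "(sAMAccountName={0})",
    "userRoleName": "memberOf",
    "roleBase": " CN=SRM_Read,OU=Groups,OU=Service Accounts,DC=example,DC=corp ",
    "roleSubtree": "true",
    "roleName": "CN",
    "roleSearch": "(uniqueMember={1})",
}

RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^,=]+$")

def dn_problem(dn):
    """Describe what is wrong with a DN string, or return None if it parses."""
    if dn != dn.strip():
        return "leading/trailing whitespace (the search base will not be found)"
    if not all(RDN.match(rdn.strip()) for rdn in dn.split(",")):
        return "not a sequence of attr=value RDNs"
    return None

def lint_realm(realm):
    """Return findings for one realm definition; an empty list means it looks sane."""
    findings = []
    for key in ("connectionURL", "alternateURL"):
        scheme = urlparse(realm.get(key, "")).scheme
        if scheme == "ldap":
            findings.append(f"{key}: ldap:// sends the bind and user passwords in clear text; prefer ldaps://")
        elif scheme and scheme != "ldaps":
            findings.append(f"{key}: unexpected URL scheme '{scheme}'")
    for key in ("connectionName", "userBase", "roleBase"):
        why = dn_problem(realm[key]) if key in realm else None
        if why:
            findings.append(f"{key}: {why}")
    # Filters are message formats; {0}/{1} stand for the user (Tomcat JNDIRealm convention, assumed).
    if "{0}" not in realm.get("userSearch", ""):
        findings.append("userSearch: no {0} placeholder, so the typed user name is never used")
    if realm.get("roleSearch") and not re.search(r"\{[01]\}", realm["roleSearch"]):
        findings.append("roleSearch: no {0}/{1} placeholder, so every group would match every user")
    return findings
```

Calling lint_realm(SAMPLE_REALM) returns two findings, the plain ldap:// connectionURL and the whitespace in roleBase; fix those two values and the list comes back empty.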
Testing user credentials for authentication

You can test individual credentials to ensure that authentication is working properly.

Procedure

  1. From the CONFIGURATION drop-down, select AUTHENTICATION.
    The Authentication Settings dialog appears.
  2. Click Test Authentication.
  3. In User Name, enter the user name to test.
  4. In Password, enter the user's password.
  5. Click Test Authentication.
Prioritizing authentication realms

You can set the LDAP server as the first authentication method used to check credentials. If you have several realm configurations, the system checks user credentials against each realm in turn, in the order in which they are listed.

Procedure

  1. From the CONFIGURATION drop-down, select AUTHENTICATION.
    The Authentication Settings dialog appears.
  2. Use the up and down arrow icons to set the order of the authentication methods that will be used to check credentials.