For a typical example configuration, consider an OpenLDAP server that can authenticate in both Windows and Linux/UNIX domains. In the test LDAP schema, group information is specified in individual group searches.
First, go to Role Administration and set up group names for the roles. Map the Manage role to the support LDAP group.
Then configure the connection to the LDAP server as follows:
Leave the user name and password blank, since this directory allows anonymous search.
Next, after successfully testing the connection, configure the user search using the user DN, leaving Search String and Search Base blank:
• User DN Format = uid={0},ou=users,dc=datasynapse,dc=com
• User Search String Format = not set
• User Search Base = not set
• User Search Subtree = False
• User Search Timeout = 5000
• User Password Attribute = userPassword
• User Password Digest = Auto Detect
Finally, set up the group search. Since this LDAP schema keeps the groups as separate entities, leave User Group Attribute blank, and specify a separate group search:
• Group Search Attribute = cn
• Group Search Base = ou=groups,dc=datasynapse,dc=com
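The sketch below is an added example, not the product's own code. It shows how the settings above fit together: the login name replaces {0} in the User DN Format (escaped per RFC 4514 so that a name containing a comma cannot change the DN's structure), and the cn of each matching group under the Group Search Base is mapped to a role. The function names, the `member` attribute and the sample entries are assumptions made for the illustration.

```python
# Added illustration, not the product's code. Function names are hypothetical.
USER_DN_FORMAT = "uid={0},ou=users,dc=datasynapse,dc=com"  # from the page
GROUP_SEARCH_BASE = "ou=groups,dc=datasynapse,dc=com"      # from the page
GROUP_SEARCH_ATTRIBUTE = "cn"                              # from the page
ROLE_BY_GROUP = {"support": "Manage"}                      # role mapping from the page
MEMBER_ATTRIBUTE = "member"  # assumption: the page does not name this attribute


def escape_dn_value(value):
    """Escape a string for use as an attribute value inside a DN (RFC 4514)."""
    out = []
    for i, ch in enumerate(value):
        if ch in '",+;<>\\':
            out.append("\\" + ch)
        elif ch == "\0":
            out.append("\\00")
        elif (ch == "#" and i == 0) or (ch == " " and i in (0, len(value) - 1)):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def user_dn(login):
    """Expand {0} in the User DN Format with the escaped login name."""
    return USER_DN_FORMAT.format(escape_dn_value(login))


def roles_for(login, group_entries):
    """Read cn from each group under the search base that lists the user's DN."""
    dn = user_dn(login).lower()
    roles = set()
    for entry in group_entries:
        if not entry["dn"].lower().endswith("," + GROUP_SEARCH_BASE):
            continue  # outside Group Search Base
        if dn in (m.lower() for m in entry.get(MEMBER_ATTRIBUTE, [])):
            for cn in entry.get(GROUP_SEARCH_ATTRIBUTE, []):
                if cn in ROLE_BY_GROUP:
                    roles.add(ROLE_BY_GROUP[cn])
    return roles


# Constructed sample directory entries (not from a real server).
GROUPS = [
    {"dn": "cn=support,ou=groups,dc=datasynapse,dc=com", "cn": ["support"],
     "member": ["uid=jdoe,ou=users,dc=datasynapse,dc=com"]},
    {"dn": "cn=dev,ou=groups,dc=datasynapse,dc=com", "cn": ["dev"],
     "member": ["uid=asmith,ou=users,dc=datasynapse,dc=com"]},
]
```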