LDAP authentication implementation

As currently implemented for Spotfire Statistics Services, LDAP authentication has two steps.

  1. Lookup/search using Distinguished Name (DN) patterns. This step runs if at least one of the properties ldap.group0 through ldap.group9 is defined.

    The search pattern is defined as

       (ldap.accountNameAttr={0}, ldap.groupX) 

    where {0} is a placeholder for the username and X is the corresponding group number (0 through 9). If the specified user is found and authenticated in this first step, step two is omitted.

  2. This step is performed if the specified user is not found in the first step. It allows for more complex search scenarios.

    The property ldap.searchBase defines the context name in which to search, which is relative to the root DN (that is, the property ldap.path). This step has two options:

    • Use a standard/default filter.
    • Use a custom filter.

    The default filter is assembled based on the property ldap.accountNameAttr={0}.

    However, if the property ldap.customSearchFilter is defined, it is used in place of the default filter. The ldap.customSearchFilter property should contain a placeholder {0} for a username.
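The placeholder expansion in both steps is shown below as an added Python example. It is not code from Spotfire Statistics Services. It shows why a username substituted for {0} needs DN escaping (RFC 4514) in step one and filter escaping (RFC 4515) in step two. Assumptions: the property values are constructed samples, each ldap.groupX holds a full container DN, the helper names are hypothetical, and the escaping is added here as hardening rather than described by the page.

```python
# Added example: property names come from the page; values and helpers are constructed.
PROPS = {
    "ldap.path": "dc=example,dc=com",
    "ldap.accountNameAttr": "uid",
    "ldap.group0": "ou=staff,dc=example,dc=com",        # assumed: full container DN
    "ldap.group1": "ou=contractors,dc=example,dc=com",
    "ldap.searchBase": "ou=people",                     # relative to ldap.path
}

_FILTER_ESC = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_dn_value(value):
    """Escape a value placed inside a DN (RFC 4514)."""
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\0":
            out.append("\\00")
        elif ch in '"+,;<>\\' or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def escape_filter_value(value):
    """Escape a value placed inside a search filter (RFC 4515)."""
    return "".join(_FILTER_ESC.get(ch, ch) for ch in value)


def step1_dns(props, username):
    """Step 1: one candidate DN per defined ldap.group0..ldap.group9."""
    rdn = "%s=%s" % (props["ldap.accountNameAttr"], escape_dn_value(username))
    keys = ("ldap.group%d" % n for n in range(10))
    return [rdn + "," + props[k] for k in keys if props.get(k)]


def step2_search(props, username):
    """Step 2: (search base DN, filter) used when step 1 finds no user."""
    base = ",".join(p for p in (props.get("ldap.searchBase"), props["ldap.path"]) if p)
    template = props.get("ldap.customSearchFilter") or "(%s={0})" % props["ldap.accountNameAttr"]
    return base, template.replace("{0}", escape_filter_value(username))


if __name__ == "__main__":
    for name in ("jdoe", "a,ou=admins", "*)(uid=*"):  # constructed usernames
        print(step1_dns(PROPS, name), step2_search(PROPS, name))
```

An empty list from step1_dns corresponds to the case where no ldap.groupX property is defined, so only step two applies.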
