Authentication towards LDAP
This authentication method integrates with an existing LDAP directory and delegates the actual authentication responsibility to its configured LDAP servers.
Only users with valid accounts in the LDAP directory can log in to Spotfire Server. This setup is recommended for larger implementations.
Spotfire Server supports the following LDAP servers:
- Microsoft Active Directory
- The Directory Server product family (Oracle Directory Server, Sun Java System Directory Server, Sun ONE Directory Server, iPlanet Directory Server, Netscape Directory Server)
Note: Other types of LDAP servers may also work with Spotfire Server, but require more advanced configuration.
Note: When Spotfire Server is authenticating towards a Microsoft Active Directory server, it automatically uses the Fast Bind Control (also known as Concurrent Bind Control) option to minimize the consumed resources on the LDAP server.
LDAP authentication can be combined with either the LDAP user directory or the Spotfire database user directory:
- When the user directory is set to LDAP, Spotfire Server can automatically import the user names from the LDAP directory. Passwords remain in the external directory, and Spotfire Server contacts this directory to validate users' passwords. You can set the frequency with which Spotfire Server checks the LDAP directory for updates.
Note: When the user directory mode is set to LDAP, Spotfire Server also imports the group names and group membership information. For information on groups, see Users & groups introduction and Group administration.
- When the user directory mode is set to Database, the administrator usually enters the valid user names and passwords into the Spotfire database manually. The names and passwords can also be imported from a CSV file, or be automatically created as new users log in to the server. The option to automatically create users as they log in is available through the post-authentication filter.
- Configuring LDAP
  When user authentication is configured towards an LDAP directory, Spotfire Server delegates authentication responsibility to the configured LDAP servers. Therefore only users with valid accounts in the LDAP directory can log in to Spotfire Server.
- Configuring LDAPS
  In an LDAP environment, where the Spotfire system communicates with an LDAP directory server, administrators often secure the LDAP protocol using TLS, if the LDAP directory supports this.
- SASL authentication for LDAP
  Spotfire Server supports two SASL (Simple Authentication Socket Layer) mechanisms for authentication towards LDAP: DIGEST-MD5 and GSSAPI.
- Configuring Spotfire Server for DIGEST-MD5 authentication of LDAP
  These instructions apply for Active Directory LDAP configurations. Spotfire Server does not support GSSAPI for other LDAP configurations.
- Configuring Spotfire Server for GSSAPI authentication of LDAP
  These instructions apply for Active Directory LDAP configurations. Spotfire Server does not support GSSAPI for other LDAP configurations.