Spotfire® Server and Environment - Installation and Administration

Configuring LDAP

When user authentication is configured towards an LDAP directory, Spotfire Server delegates authentication responsibility to the configured LDAP servers. Therefore, only users with valid accounts in the LDAP directory can log in to Spotfire Server.

About this task

For information about supported LDAP servers and what you need to know about your organization's server, see Authentication towards LDAP.
Note: For information about other LDAP implementations, including Kerberos, NTLM, X.509 client certificates, and external authentication, see User authentication.

Before you begin

  • Your organization stores user information in an LDAP directory.
  • A bootstrap.xml file has been successfully saved in the configuration tool; for instructions, see Creating the bootstrap.xml file.

Procedure

  1. On the Configuration page of the configuration tool, next to Authentication, select BASIC LDAP.

    The User directory field switches to LDAP along with the Authentication field. This is because in most cases it is recommended that LDAP authentication be paired with the user directory in LDAP mode.
    Note: If your LDAP directory contains a very large number of users that are not divided into convenient sub-units (contexts), you may want to use the Spotfire database user directory instead. In this configuration, only users who log in to Spotfire Server are included in the user directory, so there are fewer users for Spotfire Server to track.
  2. In the left panel of the page, click Authentication: LDAP, and then click New.

  3. In the Create configuration dialog, enter a name for your LDAP configuration, for example "LDAP on Spotfire123", and then click OK.
    The LDAP configuration page is displayed.

  4. Next to Enable for, select both the Authentication and User directory check boxes. This instructs Spotfire Server to create a user account in the Spotfire database for each user (within the configured scope) in the LDAP directory. When someone tries to log in to the Spotfire system, Spotfire Server accesses their account and then validates their password through the LDAP directory.
  5. Next to LDAP username and LDAP password, enter the user name and password of an LDAP service account with read access to Active Directory.
  6. Next to LDAP server URL, enter the URL in the form LDAP://server:port, for example LDAP://computer1.spotfire.com:389
  7. Next to Context names, enter the contexts you want to synchronize.
  8. Next to Synchronization schedule, you can change the scheduled synchronization times between the LDAP directory and the Spotfire database. By default, synchronization runs daily and whenever Spotfire Server is restarted. For additional synchronization options, click Add.
  9. Click Test connection to verify your entries.
  10. If you set the user directory to Database in step 1 above, click Post Authentication Filter in the left panel and then, next to Default filter mode, select Auto-create.
    When users log in to Spotfire Server they are added to the Spotfire user directory.
  11. When you are finished, click Save configuration.
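
The following pre-flight check for the values entered in steps 6 and 7 is an added example, not part of the Spotfire product or its documentation. It assumes that context names are entered as LDAP distinguished names; the function names and the sample contexts are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=.+$")  # attributeType=value

def split_dn(dn):
    """Split a DN into RDNs on commas not preceded by a backslash (simplified RFC 4514)."""
    return [part.strip() for part in re.split(r"(?<!\\),", dn)]

def check_server_url(url):
    """Return (level, message) findings for the 'LDAP server URL' field."""
    try:
        parts = urlsplit(url)
        host, port = parts.hostname, parts.port  # .port raises ValueError if not 0-65535
    except ValueError:
        return [("error", "malformed host or port")]
    if parts.scheme not in ("ldap", "ldaps") or not host or port is None:
        return [("error", "expected the form LDAP://server:port")]
    if parts.scheme == "ldap":
        return [("warn", f"{host}:{port} uses ldap://, so bind passwords cross the network "
                         "unencrypted unless the connection is protected another way")]
    return []

def check_contexts(contexts):
    """Flag context names that are not well-formed DNs or that are nested under another one."""
    findings, parsed = [], {}
    for ctx in contexts:
        rdns = split_dn(ctx)
        if all(RDN.match(r) for r in rdns):
            parsed[ctx] = [r.lower() for r in rdns]
        else:
            findings.append(("error", f"not a distinguished name: {ctx!r}"))
    for inner, a in parsed.items():
        for outer, b in parsed.items():
            if len(a) > len(b) and a[-len(b):] == b:
                findings.append(("info", f"{inner!r} is nested under {outer!r}"))
    return findings

# Constructed sample input; the URL is the example from step 6, the contexts are made up.
SAMPLE_URL = "LDAP://computer1.spotfire.com:389"
SAMPLE_CONTEXTS = ["OU=Analysts,DC=example,DC=com", "DC=example,DC=com", "Analysts"]

if __name__ == "__main__":
    for level, msg in check_server_url(SAMPLE_URL) + check_contexts(SAMPLE_CONTEXTS):
        print(f"[{level}] {msg}")
```

The check runs offline and does not replace Test connection in step 9, which is what verifies that the server is reachable and the service account can bind.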