An LDAP authorization realm uses an external LDAP server for authorization.
To create an LDAP authorization realm:
- Display the Create Authorization Realm dialog (Settings > Security > Authorization > Create Authorization Realm [button]).
- Ensure that LDAP is selected in the Type list box, then specify the following:

Table 58. LDAP Authorization Realm Properties

| Field | Description |
| --- | --- |
| User Group Attribute | Name of the attribute that contains role names in the user directory entry. If user groups are defined in LDAP as an attribute of the user, the Group Attribute configuration must be used. |
| Group Search Base | Base directory used to execute group searches, such as ou=employees,dc=mydomain,dc=com. |
| Group Search Filter | LDAP filter expression used when searching for user entries. The name will be substituted in place of {0} in the pattern, such as uid={0}. If this is not part of the DN pattern, wrap the value in parentheses, such as (uid={0}). |
| Group Name | Directory name used to bind to LDAP for searches, such as cn=Manager,dc=mycompany,dc=com. If not specified, an anonymous connection will be made. Required if the LDAP server cannot be anonymously accessed. |
| Search Group Subtree | Searches the subtree for the roles if checked. |
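
The `{0}` substitution described for Group Search Filter, as an added example that is not part of the original documentation or the product's own code. It assumes the name is escaped per RFC 4515 before it is placed in the pattern; `escape_filter_value` and `build_filter` are hypothetical helper names, and the sample names are constructed.

```python
# Added illustration (not product code): expanding a Group Search Filter
# pattern such as uid={0} into a complete LDAP filter string.

# Characters RFC 4515 requires to be escaped inside a filter assertion value.
_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a string so it is treated as literal data in an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter(pattern: str, name: str) -> str:
    """Substitute the escaped name for {0}; wrap in parentheses if the pattern is bare."""
    if "{0}" not in pattern:
        raise ValueError("pattern must contain the {0} placeholder")
    expanded = pattern.replace("{0}", escape_filter_value(name))
    # A bare pattern such as uid={0} is not a complete filter until wrapped.
    if not (pattern.startswith("(") and pattern.endswith(")")):
        expanded = f"({expanded})"
    return expanded


if __name__ == "__main__":
    # Constructed sample names; the second contains filter metacharacters.
    for sample in ("jsmith", "j*smith (ops)"):
        print(build_filter("uid={0}", sample))
```

Without the escaping step, a name containing `*`, `(` or `)` would change the structure of the filter rather than being matched as a literal value.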