8.7.7. Configuring the connection between the GCenter and the LDAP server
8.7.7.1. Introduction
This procedure enables setting up the LDAP server using:
- The `LDAP server binding settings` area
- The `LDAP users and groups mapping` area

This area enables entering the connection information to a remote authentication server.
Note
This graphical interface is described in the `LDAP configuration` section of the `Accounts` submenu.
8.7.7.2. Prerequisites
User: member of the Administrator group
8.7.7.3. Preliminary operations
Log in to the GCenter via a browser with the prerequisite rights (see Connecting to the GCenter web interface via a web browser).
8.7.7.4. Procedure to access the `LDAP configuration` window for an administrator account
In the navigation bar, successively click on:
- The `Admin` button
- The `Gcenter` sub-menu
- The `Accounts` command

The `Accounts` window is displayed.
- Click on the `LDAP configuration` heading. The `LDAP configuration` window is displayed.
8.7.7.5. Procedure to change the settings for the `LDAP server binding settings` area (5)
Expand the window to access the parameters using the arrows (6).
Enter the following parameters:
Field | Required | Description | Value |
---|---|---|---|
| No | Enables not having to enter the login password | On/Off |
| Yes | Enables choosing the protocol used for the connection | ldap:// or ldaps:// |
| Yes | Enables specifying the IP address or name of the remote server | ip or fqdn |
| Yes | Enables specifying the port of the remote server | 389 for ldap or 636 for ldaps for example |
| Yes | Enables selecting the GCenter interface through which to communicate with the remote server | mgmt0 by default |
| No | Enables specifying the user name for connecting to the remote server | user name |
| No | Enables specifying the user's password for connecting to the remote server | user's password |
Note
If the `Enable anonymous binding` option is enabled, it is not necessary to fill in the username and password.
- Save the changes with the `Save and apply` button. A warning window is displayed with the message `Saving and applying the new LDAP settings will restart the application and disconnect all users!`. Click on the `Confirm` button.
8.7.7.6. Procedure to change the settings for the `LDAP advanced settings` area (9)
Expand the window to access the parameters using the arrows (8).
Enter the following parameters:
Field | Required | Description | Value |
---|---|---|---|
| Yes | Enables specifying the LDAP parameter for the first name of the users | by default: givenName |
| Yes | Enables specifying the LDAP parameter for the last name of the users | by default: sn |
| Yes | Enables specifying the LDAP setting for the user's email | by default: mail |
| Yes | Enables entering an LDAP query to help the GCenter find the groups a user belongs to | by default: see in the interface |
| Yes | Enables choosing the LDAP version of the remote server | by default: Version 3 |
| Yes | Enables choosing the LDAP version of the remote server | by default: Version 3 |
| Yes | Enables or disables the StartTLS protocol | by default: disable |
| Yes | Enables or disables certificate validity checking (LDAPS) | by default: disable |
| No | Displays the current certificate in use | depends on the last loaded certificate |
| No | Enables loading a certificate for LDAPS use | depends on the last certificate chosen |
| Yes | Enables specifying the waiting time for LDAP queries | 2 |
| Yes | Enables specifying the waiting time at the LDAP communications network level | 2 |
| Yes | Enables specifying the waiting time for LDAP users and groups | 300 |
- Save the changes with the `Save and apply` button. A warning window is displayed with the message `Saving and applying the new LDAP settings will restart the application and disconnect all users!`. Click on the `Confirm` button.
Note
To configure LDAPS:
- Enter in `LDAP server binding settings`:
  - `LDAP protocol`: ldaps://
  - `LDAP_port`: 636
- Enter the certificate of the certification authority in `LDAP advanced settings`.
Note
To configure LDAP over TLS:
- Enter the certificate of the certification authority in `LDAP advanced settings`.
- Tick the `Enable StartTLS` box in `LDAP advanced settings`.
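The binding and advanced settings above interact: with StartTLS and certificate checking both left at `disable`, an `ldap://` connection sends the bind password in cleartext, and a TLS connection does not verify the server. The following added example (not GCenter code; the dictionary keys are hypothetical names standing in for the GUI fields, and both sample configurations are constructed) audits a planned set of values before `Save and apply` is clicked.

```python
def audit_ldap_settings(s):
    """Return (severity, message) findings for one planned LDAP configuration.
    Keys of `s` are hypothetical stand-ins for the GUI fields on this page."""
    findings = []
    proto = s["protocol"]
    starttls = s.get("starttls", False)
    encrypted = proto == "ldaps://" or starttls

    if proto not in ("ldap://", "ldaps://"):
        findings.append(("error", f"unknown protocol {proto!r}"))
    if proto == "ldaps://" and starttls:
        findings.append(("error", "StartTLS upgrades a plain ldap:// session; "
                                  "do not combine it with ldaps://"))
    if not encrypted:
        findings.append(("high", "ldap:// without StartTLS: bind password and "
                                 "directory data cross the network in cleartext"))
    elif not s.get("check_certificate", False):
        findings.append(("high", "TLS without certificate checking: the LDAP "
                                 "server's identity is not verified"))
    elif not s.get("ca_certificate_loaded", False):
        findings.append(("medium", "certificate checking is on but no CA "
                                   "certificate has been loaded"))
    if s.get("anonymous_binding", False):
        findings.append(("medium", "anonymous binding: the directory must allow "
                                   "unauthenticated searches of users and groups"))
    elif not (s.get("bind_user") and s.get("bind_password")):
        findings.append(("error", "anonymous binding is off but the user name "
                                  "or password is empty"))
    usual_port = 636 if proto == "ldaps://" else 389
    if s.get("port") != usual_port:
        findings.append(("info", f"port {s.get('port')} is not the usual "
                                 f"{usual_port} for {proto}"))
    return findings

# Constructed sample: plain LDAP, StartTLS and certificate checking disabled.
WEAK = {"protocol": "ldap://", "port": 389, "starttls": False,
        "check_certificate": False, "anonymous_binding": True}

# Constructed sample: LDAPS as in the note above, with a dedicated bind account.
HARDENED = {"protocol": "ldaps://", "port": 636, "starttls": False,
            "check_certificate": True, "ca_certificate_loaded": True,
            "anonymous_binding": False,
            "bind_user": "svc-gcenter-ro", "bind_password": "<placeholder>"}

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit_ldap_settings(cfg) or "no findings")
```

An empty list for a StartTLS configuration requires `protocol` set to `ldap://`, `starttls` enabled, certificate checking on and a CA certificate loaded.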