8.7.7. Configuring the connection between the GCenter and the LDAP server

8.7.7.1. Introduction

This procedure sets up the connection to the LDAP server using:

  • The `LDAP server binding settings` area

  • The `LDAP users and groups mapping` area

This area enables entering the connection information to a remote authentication server.

Note

This graphical interface is described in the `LDAP configuration` section of the `Accounts` submenu.


8.7.7.2. Prerequisites

  • User: member of the Administrator group


8.7.7.3. Preliminary operations


8.7.7.4. Procedure to access the `LDAP configuration` window for an administrator account

  • In the navigation bar, successively click on:

      • The `Admin` button

      • The `Gcenter` sub-menu

      • The `Accounts` command

    The `Accounts` window is displayed.
  • Click on the `LDAP configuration` heading.
    The `LDAP configuration` window is displayed.

8.7.7.5. Procedure to change the settings for the `LDAP server binding settings` area (5)

[Image: LDAP-01.PNG]

  • Expand the window to access the parameters using the arrows (6).

  • Enter the following parameters:

| Field | Required | Description | Value |
|---|---|---|---|
| `Enable anonymous binding` | No | Allows connecting without entering the login password | On/Off |
| `LDAP protocol` | Yes | Enables choosing the protocol used for the connection | ldap:// or ldaps:// |
| `LDAP hostname` | Yes | Enables specifying the IP address or name of the remote server | IP or FQDN |
| `LDAP port` | Yes | Enables specifying the port of the remote server | 389 for ldap or 636 for ldaps, for example |
| `Output interface` | Yes | Enables selecting the GCenter interface through which to communicate with the remote server | mgmt0 by default |
| `LDAP binding DN` | No | Enables specifying the user name for connecting to the remote server | User name |
| `LDAP binding password` | No | Enables specifying the user's password for connecting to the remote server | User's password |

Note

If the `Enable anonymous binding` option is enabled, it is not necessary to fill in the username and password.

  • Save the changes with the `Save and apply` button.
    A warning window is displayed with the message `Saving and applying the new LDAP settings will restart the application and disconnect all users!`.
  • Click on the `Confirm` button.


8.7.7.6. Procedure to change the settings for the `LDAP advanced settings` area (9)

  • Expand the window to access the parameters using the arrows (8).

  • Enter the following parameters:

| Field | Required | Description | Value |
|---|---|---|---|
| `First name` | Yes | Enables specifying the LDAP parameter for the first name of the users | By default: givenName |
| `Last name` | Yes | Enables specifying the LDAP parameter for the last name of the users | By default: sn |
| `Email` | Yes | Enables specifying the LDAP parameter for the user's email | By default: mail |
| `User to group mapping` | Yes | Enables entering an LDAP query to help the GCenter find the groups a user belongs to | By default: see in the interface |
| `LDAP version` | Yes | Enables choosing the LDAP version of the remote server | By default: Version 3 |
| `Enable StartTLS protocol` | Yes | Enables or disables the StartTLS protocol | By default: disabled |
| `Disable checking the certificate validity when using TLS` | Yes | Enables or disables certificate validity checking (LDAPS) | By default: disabled |
| `Custom CA` | No | Displays the current certificate in use | Depends on the last loaded certificate |
| `Update custom CA` | No | Enables loading a certificate for LDAPS use | Depends on the last certificate chosen |
| `LDAP timeout` | Yes | Enables specifying the waiting time for LDAP queries | 2 |
| `Network timeout` | Yes | Enables specifying the waiting time at the LDAP communications network level | 2 |
| `Cache timeout` | Yes | Enables specifying the waiting time for LDAP users and groups | 300 |

  • Save the changes with the `Save and apply` button.
    A warning window is displayed with the message `Saving and applying the new LDAP settings will restart the application and disconnect all users!`.
  • Click on the `Confirm` button.

Note

To configure the LDAPS:

  • Enter in `LDAP server binding settings`:

    • `LDAP protocol`: ldaps://

    • `LDAP port`: 636

  • Enter the certificate of the certification authority in `LDAP advanced settings`.

Note

To configure LDAP over TLS:

  • Enter the certificate of the certification authority in `LDAP advanced settings`

  • Tick the `Enable StartTLS protocol` box in `LDAP advanced settings`
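
Because `Save and apply` restarts the application and disconnects all users, it is worth checking the planned values for consistency first. The following is an added example, not GCenter code: the dictionary keys are hypothetical names for the form fields above, the sample values are constructed, and the rules reflect general LDAP/TLS behaviour rather than the GCenter's own validation.

```python
# Added example: lint GCenter-style LDAP settings before "Save and apply".
# The dict keys are hypothetical names for the form fields on this page.

def audit_ldap_settings(s):
    """Return a list of (severity, message) findings for settings dict s."""
    out = []
    proto, port = s.get("protocol"), s.get("port")
    starttls = bool(s.get("starttls"))
    anonymous = bool(s.get("anonymous_binding"))
    no_verify = bool(s.get("disable_cert_check"))
    encrypted = proto == "ldaps://" or (proto == "ldap://" and starttls)

    if proto not in ("ldap://", "ldaps://"):
        out.append(("error", "LDAP protocol must be ldap:// or ldaps://"))
    if proto == "ldaps://" and starttls:
        # StartTLS upgrades a plain LDAP session; ldaps:// is already TLS.
        out.append(("warning", "StartTLS enabled together with ldaps://"))
    if isinstance(port, bool) or not isinstance(port, int) or not 1 <= port <= 65535:
        out.append(("error", "LDAP port must be an integer from 1 to 65535"))
    elif (proto, port) in (("ldap://", 636), ("ldaps://", 389)):
        out.append(("warning", f"port {port} is the usual port of the other protocol"))
    if not anonymous and not (s.get("bind_dn") and s.get("bind_password")):
        # Inferred from the page's note: credentials are optional only with anonymous binding.
        out.append(("warning", "no binding DN/password and anonymous binding is off"))
    if proto in ("ldap://", "ldaps://") and not encrypted:
        out.append(("warning", "no TLS: passwords cross the network in cleartext"))
    if encrypted and no_verify:
        out.append(("warning", "certificate check disabled: server identity is not verified"))
    if encrypted and not no_verify and not s.get("custom_ca"):
        out.append(("info", "no custom CA loaded; the page's notes call for the CA certificate"))
    return out

# Constructed sample settings (hostname, DN and password are placeholders).
WEAK = {"protocol": "ldap://", "hostname": "ldap.example.test", "port": 636,
        "anonymous_binding": False, "bind_dn": "cn=gcenter,dc=example,dc=test",
        "bind_password": "placeholder", "starttls": False,
        "disable_cert_check": True, "custom_ca": None}
# Corrected LDAPS variant following the page's "To configure the LDAPS" note.
LDAPS = dict(WEAK, protocol="ldaps://", disable_cert_check=False,
             custom_ca="-----BEGIN CERTIFICATE-----(placeholder)")
# Corrected StartTLS variant following the page's "LDAP over TLS" note.
STARTTLS = dict(WEAK, port=389, starttls=True, disable_cert_check=False,
                custom_ca="-----BEGIN CERTIFICATE-----(placeholder)")

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("ldaps", LDAPS), ("starttls", STARTTLS)):
        print(name, audit_ldap_settings(cfg) or "no findings")
```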