Connection and configuration of an LDAP repository
Configuration and connection to an LDAP repository is performed from Security > Configure LDAP.
Configuration requires the completion of 3 tabs: Server configuration, Users mapping and Groups mapping.
When one of the tabs has not been completed, the symbol is displayed in front of the tab name. Consequently, if this symbol is not in front of any of the three tab names, you can test the configuration (Test button) and validate it (OK button).
Tab Server configuration:
- There are two methods of connecting to the LDAP server (LDAP protocol box):
  - standard connection, check ldap.
  - secure connection, check ldaps.
- Server name (or IP): this is the name of the server containing the LDAP repository.
- Server port: by default the port is set to the value 389.
Authentication:
- Method: depending on the company’s security policy for connection to the LDAP repository, check Anonymous connection or Authenticated connection. In the latter case, complete the following fields (you should use the correct syntax for an LDAP request):
  - LDAP User prefix. Example: sAMAccountName. This field is filled in by default.
  - DN of reading user. The syntax to be respected is displayed grayed out. When you start typing, the syntax disappears. Example: CN=MNG Lectra,OU=Service Administrators,DC=intranet,DC=company,DC=es.
  - Password: gives access to the LDAP repository.
Tab Users mapping:
The data entered into this tab is used to define how to recognize the PLM users and what correspondence there is between the LDAP fields and the PLM user fields.
Apart from the Base DN field of the LDAP object, all the fields are filled by default.
- LDAP object class. Example: user
- LDAP base DN. The syntax to be respected is displayed grayed out. When you start typing, the syntax disappears. Example: ou=UserGroup01,ou=Users,OU=MNG,DC=intranet,DC=company,DC=es.
Synchronization parameters:
- The Filter is a search filter and uses a specific syntax. The filter is mandatory. The filter field is completed as the Login is entered, though you can complete it yourself.
LDAP User mapping:
- Login. Example: sAMAccountName. Entering the identifier completes the Filter field.
- First name. Example: cn
- Name. Example: sn
- E-mail address. Example: userPrincipalName
Tab Groups mapping:
The data entered into this tab is used to define how to recognize the PLM user groups and what correspondence there is between the LDAP fields and the PLM user group fields.
Apart from the Base DN field of the LDAP object, all the fields are filled by default.
- LDAP object class. Example: group
- LDAP base DN. The syntax to be respected is displayed grayed out. When you start typing, the syntax disappears. Example: OU=Lectra,OU=Security Groups,OU=Groups,OU=MNG,DC=intranet,DC=company,DC=es.
- Membership attribute name. Example: member
Synchronization parameters:
- The Filter is a search filter and uses a specific syntax. The filter is mandatory. The filter field is completed as the Name is entered, though you can complete it yourself.
LDAP Group mapping:
- Name. Example: cn. Entering the identifier completes the Filter field.
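A pre-flight check for the values entered on the three tabs, added here as an example and not part of the product: it parses the three DNs, compares their DC components and flags an authenticated connection made over plain ldap. The dictionary keys, the `(sAMAccountName=*)` filter form and the premise that the connection is a simple bind without StartTLS are assumptions; the DN splitting is simplified and only handles backslash-escaped commas.

```python
import re

# Constructed sample from this page's example values; user_filter is an assumed form.
SAMPLE = {
    "protocol": "ldap", "port": 389, "method": "authenticated",
    "reader_dn": "CN=MNG Lectra,OU=Service Administrators,DC=intranet,DC=company,DC=es",
    "user_base_dn": "ou=UserGroup01,ou=Users,OU=MNG,DC=intranet,DC=company,DC=es",
    "group_base_dn": "OU=Lectra,OU=Security Groups,OU=Groups,OU=MNG,DC=intranet,DC=company,DC=es",
    "login_attr": "sAMAccountName", "user_filter": "(sAMAccountName=*)",
}

def split_dn(dn):  # returns [(attr, value), ...]; a backslash-escaped comma stays in the value
    pairs = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed DN component: {rdn!r}")
        pairs.append((attr.strip().lower(), value.strip().lower()))
    return pairs

def dc_suffix(dn):
    return [v for a, v in split_dn(dn) if a == "dc"]  # e.g. ['intranet', 'company', 'es']

def check_config(cfg):  # returns a list of findings; an empty list means nothing was flagged
    findings = []
    if cfg["method"] == "authenticated" and cfg["protocol"] != "ldaps":  # assumes simple bind, no StartTLS
        findings.append("cleartext-bind: reading user's password crosses the network unencrypted")
    if cfg["method"] == "anonymous":
        findings.append("anonymous-bind: the directory must permit unauthenticated reads")
    if cfg["protocol"] == "ldaps" and cfg["port"] == 389:
        findings.append("port: 389 is the plain LDAP default; LDAPS conventionally uses 636")
    suffixes = set()
    keys = ["user_base_dn", "group_base_dn"] + (["reader_dn"] if cfg["method"] == "authenticated" else [])
    for key in keys:
        try:
            suffixes.add(tuple(dc_suffix(cfg[key])))
        except ValueError as exc:
            findings.append(f"syntax: {key}: {exc}")
    if len(suffixes) > 1:
        findings.append("suffix: the DNs do not share the same DC components")
    flt = cfg["user_filter"]
    if not flt.startswith("(") or flt.count("(") != flt.count(")"):
        findings.append("filter: missing or unbalanced parentheses")
    if cfg["login_attr"].lower() not in flt.lower():
        findings.append("filter: does not reference the Login attribute")
    return findings

if __name__ == "__main__":
    print("\n".join(check_config(SAMPLE)))
```

With the page's example values and the default ldap/389 settings, the only finding is the unencrypted authenticated connection.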
Activate the LDAP configuration
The Activate LDAP / Deactivate LDAP button activates or deactivates the LDAP service on the server side.
Confirmation of LDAP configuration
- Once all the tabs have been completed, you can confirm your configuration by clicking on the OK button.
LDAP configuration test
For the LDAP configuration to take effect and to be able to test it, you need to restart the FIP server.
- Click on the Test button.
- A message tells you the result of the LDAP configuration test.
- Confirm the message.
- The message LDAP repository configured is displayed above the tabs. At this stage you can synchronize the LDAP (see Synchronizing the LDAP repository below).
Synchronizing the LDAP repository
Synchronizing the LDAP repository with the FIP platform means that all the users concerned by the configuration can be added. The date of the Last synchronization is displayed above the tabs.
- Click on the Synchronize button.
- A message window displays the results of the synchronization.
See also: LDAP_User_Guide document