<< PREVIOUS       NEXT >>






An existing LDAP instance can be configured with VSP CMS. Refer page User Setup for more information on user addition. The below diagram provides an overview of CMS workflow with LDAP, when an LDAP user tries to log in to CMS:

Figure  – CMS – LDAP Workflow


  1. Once the user is authenticated from LDAP, the user can be viewed in CMS in the User page. Refer to Section User Setup for more information

  2. Specific role can be assigned to the LDAP User in CMS. The user will be able to access CMS based on the assigned role only

    1. User Group information procured from LDAP is utilized to associate the user with relevant user role in CMS

    2. If the user group information is not procured from LDAP, the default CMS user role is assigned to the user

    3. Refer Section User Roles for more information about the User Roles


  • When LDAPS is configured or imported, if the error "SSL/TLS certificate is invalid or not available in truststore" is encountered, ensure that the Custom SSL certificates is configured. Refer Maintenance Section for the SSL certificate deployment steps

  • It is highly recommended to use email as the unique login attribute in the LDAP configuration. If CN is configured and the email ID is modified, CMS does not load the dashboard for that user


To configure an existing LDAP instance on CMS, follow the steps below:

  1. Navigate to Administration > Access Management in the left navigation pane

    Picture 365

  2. Select the tab LDAP

    Picture 36

  3. The configuration has five sections:

    1. LDAP Settings:

      1. Expand LDAP Settings section and click Enable to allow registered LDAP users to login to CMS using LDAP credentials

      2. The LDAP settings can be exported to the local machine. It can be imported to CMS in another environment

    2. LDAP Connection:

      1. Expand LDAP Connection section and click Edit to provide the information

        Picture 380

      2. Provide the below information


        Field Name



        The DNS hostname or IP address of the LDAP or AD server


        Port number for LDAP or AD server access


        Select the appropriate Protocol from the drop-down: LDAP or LDAPS

        Validate Server Certificate

        If enabled, the server certificate is validated

        Authentication Realm 

        User defined value that defines the authentication directory and associated policies to search for users and groups

        Timeout (seconds)

        The number of seconds the system waits for a response from the LDAP server before it closes the connection and tries to connect again

        Dead Time (minutes)

        The time (in minutes) that the system considers an unresponsive authentication server to be “dead” or “out of service”. During this time, the system falls back to using local authentication. After every Dead Time expiry, the system attempts to determine if the server is active again

        Retry Count

        The number of times that the system attempts to connect to the LDAP server. If the number of timed-out attempts reaches the configured Retry count, it is considered inactive (dead) and the Dead Time timer starts. Further traffic is not sent to the server till it becomes responsive again

        Table - LDAP Connection Parameters


      3. Once the above information is provided, click TEST CONNECTION to test the LDAP configuration. Once the test is successful, click SAVE

        Picture 1073742195




<< PREVIOUS       NEXT >>