
LDAP INTEGRATION WITH CMS

 

CONFIGURATION ON CMS

 

An existing LDAP instance can be configured with VSP CMS. Refer to the User Setup page for more information on adding users. The diagram below provides an overview of the CMS workflow with LDAP when an LDAP user tries to log in to CMS:

Figure – CMS – LDAP Workflow

 

  1. Once the user is authenticated by LDAP, the user can be viewed in CMS on the User page. Refer to Section User Setup for more information

  2. A specific role can be assigned to the LDAP user in CMS. The user can access CMS only according to the assigned role

    1. User group information retrieved from LDAP is used to associate the user with the relevant user role in CMS

    2. If no user group information is retrieved from LDAP, the default CMS user role is assigned to the user

    3. Refer to Section User Roles for more information about the user roles

NOTE:

  • When LDAPS is configured or imported and the error "SSL/TLS certificate is invalid or not available in truststore" is encountered, ensure that a custom SSL certificate is configured. Refer to the Maintenance section for the SSL certificate deployment steps

  • It is highly recommended to use email as the unique login attribute in the LDAP configuration. If CN is configured and the email ID is modified, CMS does not load the dashboard for that user
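The login flow described above (authenticate against the directory, map the user's LDAP groups to a CMS role, fall back to the default role when no group information comes back) can be modelled in a few lines. The following is an added illustration, not CMS code: the in-memory dictionary stands in for the LDAP directory, the bind is simulated with a password comparison, and the group names, the group-to-role mapping and the role names ("Administrator", "Viewer") are assumptions chosen for the example.

```python
# Added example (not Versa CMS code): a model of the CMS/LDAP login flow.
# The directory is an in-memory dict standing in for LDAP; attribute names
# (cn, mail, memberOf) follow common LDAP/AD conventions, while the CMS role
# names and the group-to-role mapping below are assumptions for illustration.
import hmac
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed sample directory: DN -> attributes
DIRECTORY = {
    "cn=alice,ou=users,dc=example,dc=com": {
        "cn": "alice",
        "mail": "alice@example.com",
        "userPassword": "alice-pw",
        "memberOf": ["cn=cms-admins,ou=groups,dc=example,dc=com"],
    },
    "cn=bob,ou=users,dc=example,dc=com": {
        "cn": "bob",
        "mail": "bob@example.com",
        "userPassword": "bob-pw",
        "memberOf": [],  # no group information returned for this user
    },
}

# Assumed mapping of LDAP groups to CMS roles (not a CMS default)
GROUP_TO_ROLE = {
    "cn=cms-admins,ou=groups,dc=example,dc=com": "Administrator",
    "cn=cms-operators,ou=groups,dc=example,dc=com": "Operator",
}
DEFAULT_ROLE = "Viewer"  # assumed default CMS role


@dataclass
class CmsSession:
    login: str
    dn: str
    role: str
    from_default_role: bool  # True when no LDAP group matched a CMS role


def find_user(login_attr: str, login: str) -> Optional[Tuple[str, dict]]:
    """Locate exactly one entry whose login attribute equals `login`.

    `login_attr` is the attribute configured as the unique login attribute
    (the page recommends "mail"). No match or an ambiguous match is treated
    as an unknown user rather than picking one entry at random.
    """
    matches = [(dn, a) for dn, a in DIRECTORY.items() if a.get(login_attr) == login]
    if len(matches) != 1:
        return None
    return matches[0]


def authenticate(login_attr: str, login: str, password: str) -> Optional[CmsSession]:
    """Simulate the LDAP bind and the CMS role assignment."""
    hit = find_user(login_attr, login)
    if hit is None:
        return None
    dn, attrs = hit
    # Stand-in for the LDAP bind: constant-time comparison of the password
    if not hmac.compare_digest(attrs["userPassword"], password):
        return None
    # Use the group information to pick a CMS role; first matching group wins
    roles = [GROUP_TO_ROLE[g] for g in attrs.get("memberOf", []) if g in GROUP_TO_ROLE]
    if roles:
        return CmsSession(login, dn, roles[0], False)
    # No usable group information: the default CMS role is assigned
    return CmsSession(login, dn, DEFAULT_ROLE, True)


if __name__ == "__main__":
    for attr, user, pw in [("mail", "alice@example.com", "alice-pw"),
                           ("mail", "bob@example.com", "bob-pw"),
                           ("mail", "alice@example.com", "wrong")]:
        print(attr, user, "->", authenticate(attr, user, pw))
```

The `from_default_role` flag is worth keeping in a real implementation: a login that silently landed on the default role is the signal to check whether the group attribute is actually being returned by the directory.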

 

To configure an existing LDAP instance on CMS, follow the steps below:

  1. Navigate to Administration > Access Management in the left navigation pane


  2. Select the tab LDAP


  3. The configuration has five sections:

    1. LDAP Settings:

      1. Expand the LDAP Settings section and click Enable to allow registered LDAP users to log in to CMS using their LDAP credentials

      2. The LDAP settings can be exported to the local machine. It can be imported to CMS in another environment

    2. LDAP Connection:

      1. Expand the LDAP Connection section and click Edit to provide the information

      2. Provide the following information:

        Table - LDAP Connection Parameters

        Field Name: Details/Examples

        Host
            The DNS hostname or IP address of the LDAP or AD server

        Port
            Port number for LDAP or AD server access

        Protocol
            Select the appropriate protocol from the drop-down: LDAP or LDAPS

        Validate Server Certificate
            If enabled, the server certificate is validated

        Authentication Realm
            User-defined value that defines the authentication directory and associated policies used to search for users and groups

        Timeout (seconds)
            The number of seconds the system waits for a response from the LDAP server before it closes the connection and tries to connect again

        Dead Time (minutes)
            The time (in minutes) for which the system considers an unresponsive authentication server to be "dead" or "out of service". During this time, the system falls back to local authentication. After every Dead Time expiry, the system attempts to determine whether the server is active again

        Retry Count
            The number of times the system attempts to connect to the LDAP server. If the number of timed-out attempts reaches the configured Retry Count, the server is considered inactive (dead) and the Dead Time timer starts. No further traffic is sent to the server until it becomes responsive again

         

      3. Once the above information is provided, click TEST CONNECTION to test the LDAP configuration. Once the test succeeds, click SAVE
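The Timeout, Dead Time and Retry Count parameters in the table above interact: consecutive timed-out attempts are counted, reaching the Retry Count marks the server dead, logins then use local authentication until the Dead Time expires, and the next login after expiry probes the server again. The following is an added model of that behaviour as the table describes it, not CMS's own implementation; the clock is injected so the sequence is deterministic, and the sample request timeline is constructed.

```python
# Added example (not Versa CMS code): a model of Timeout / Dead Time /
# Retry Count as described in the LDAP Connection Parameters table.
# Times are in seconds; the caller supplies the clock value `now`.
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class LdapServerHealth:
    timeout_s: int = 5          # Timeout (seconds)
    dead_time_min: int = 3      # Dead Time (minutes)
    retry_count: int = 3        # Retry Count
    timed_out: int = 0          # consecutive timed-out attempts so far
    dead_until: Optional[float] = None  # set while the server is "dead"
    events: List[Tuple[str, float]] = field(default_factory=list)

    def auth_source(self, now: float) -> str:
        """Return which backend a login at time `now` should use."""
        if self.dead_until is None:
            return "ldap"
        if now < self.dead_until:
            return "local"  # Dead Time running: fall back to local authentication
        # Dead Time expired: try the server again to see whether it is active
        self.dead_until = None
        self.timed_out = 0
        self.events.append(("probe", now))
        return "ldap"

    def record_timeout(self, now: float) -> None:
        """Call when an LDAP request exceeded timeout_s without a response."""
        self.timed_out += 1
        self.events.append(("timeout", now))
        if self.timed_out >= self.retry_count:
            # Retry Count reached: mark dead and start the Dead Time timer
            self.dead_until = now + self.dead_time_min * 60
            self.events.append(("dead", now))

    def record_success(self, now: float) -> None:
        """A response arrived: the server is responsive again."""
        self.timed_out = 0
        self.dead_until = None


def simulate(health: LdapServerHealth, requests: List[Tuple[float, bool]]) -> List[str]:
    """Replay (time, server_responds) pairs; return the backend used per login.

    When the backend is "ldap" and the server does not respond, the timeout is
    recorded at time + timeout_s, i.e. when the wait actually elapsed.
    """
    used = []
    for t, responds in requests:
        src = health.auth_source(t)
        used.append(src)
        if src == "ldap":
            if responds:
                health.record_success(t)
            else:
                health.record_timeout(t + health.timeout_s)
    return used


if __name__ == "__main__":
    # Constructed timeline: three logins time out, two arrive during the
    # 3-minute Dead Time, the rest arrive after the server has recovered.
    h = LdapServerHealth(timeout_s=5, dead_time_min=3, retry_count=3)
    timeline = [(0, False), (10, False), (20, False),
                (30, True), (100, True), (210, True), (220, True)]
    print(simulate(h, timeline))   # third timeout at t=25 marks the server dead until t=205
    print(h.events)
```

With Retry Count 3 and Timeout 5, an outage costs three logins a 5-second wait each before the fallback engages; lowering the Retry Count shortens that window, while a longer Dead Time reduces how often a still-down server is probed.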


 

CONTINUED...
