Creating an LDAP connection

If you want LDAP users or LDAP user groups to be able to log in to the orchestrator web interface using their credentials, you must first create an LDAP connection that the orchestrator uses to connect to the remote server, and then create your LDAP users or LDAP user groups.

To create an LDAP connection:

  1. In the menu, go to the Users section.

    The user management page is displayed. The Users tab, which is selected by default, displays the table of users.

  2. Select the LDAP connection tab.

    A table of LDAP connections is displayed.

  3. Click + LDAP.
  4. In the displayed settings area, in the Name field, enter the name of the LDAP connection.
  5. In the Domain field, enter the FQDN of the domain of the remote server.
  6. In the Domain alias field, enter the alias or NETBIOS name of the domain. Users enter the alias, NETBIOS name, or FQDN of the domain when logging into the orchestrator web interface.

    For example, if the FQDN of the domain is 'example.com' and the alias is 'example', a user named 'admin' can enter the following credentials when logging into the orchestrator web interface:

    • admin@example.com
    • admin@example
    • example.com\admin
    • example\admin
  7. In the LDAP host field, enter the host name of the remote server. The following host name formats are supported:
    • ldap://<host name>:<port number> for a standard LDAP server. The default port is 389.
    • ldaps://<host name>:<port number> for an LDAP server with SSL authentication. The default port is 636.

    For example, if you enter ldap://example.com:100, the host name of the remote server is 'example.com' and the port number is 100.

  8. In the Base DN field, enter the base distinguished name that the orchestrator uses as the starting point for searching user accounts in the remote server directory. The following base distinguished name formats are supported:
    • To search in OpenLDAP, enter the base distinguished name in the OU=<value>,OU=<value> format, where OU is the structure of organizational units in the remote server directory. For example, if you enter OU=OU_example1,OU=OU_example2, the starting point for searching user accounts is organizational unit OU_example2, which is nested in OU_example1.
    • To search in Microsoft Active Directory, enter the base distinguished name in the DC=<value>,DC=<value>, where DCs are the domain components of the remote server. For example, if you enter DC=example,DC=com, the starting point for searching user accounts is the 'example.com' domain.
  9. In the Search attribute drop-down list, select the attribute that the orchestrator uses to search for user accounts in the remote server directory:
    • uid (OpenLDAP) is the UID (user ID) for searching in OpenLDAP. Default value.
    • sAMAccountName (Active Directory) is the pre-Windows 2000 logon name for searching in Microsoft Active Directory.
  10. In the Bind DN field, enter the distinguished name for authenticating the orchestrator on the remote server. The following distinguished name formats are supported:
    • For authentication in openLDAP, enter a value in the UID=<value>,OU=<value> format, where UID is the user ID and OU is the organizational unit structure in the remote server directory where the user is located. For example, if you enter UID=user_example,OU=OU_example, user user_example from organizational unit OU_example is used for authenticating the orchestrator on the remote server.
    • For authentication in Microsoft Active Directory, enter a value in the CN=<value>,OU=<value>,DC=<value>,DC=<value>, where CN is the common name of the user, OU is the organizational unit structure in the remote server directory that the user belongs to, and the DCs are the user's domain components. For example, if you enter CN=user_example,OU=OU_example,DC=example,DC=com, user user_example in organizational unit OU_example in the example.com domain is used for authenticating the orchestrator on the remote server.
  11. In the Bind password field, enter the remote server password for authenticating the orchestrator on the remote server. To see the entered password, you can click the show icon .
  12. To check if the remote server is available, click Test authentication.
  13. Click Create.

The LDAP connection is created and displayed in the table.

Page top