Configuring LDAP settings
Windows Active Directory is a directory service created by Microsoft. Active Directory uses a number of standardized protocols to provide a variety of network service, including LDAP. LDAP is Lightweight Directory Access Protocol for accessing directories over an IP network.
You configure LDAP settings in the following way:
- In the main menu, click Administration » Settings.
The Basic Settings page appears.
- Click Advanced link.
The Settings page appears.
- Expand Security node in the left of the page.
- Click LDAP Settings » LDAP Connections.
A list of all configured connections appears. You can edit an existing connection by clicking it or you can create a new connection by clicking Create new button.
- Configure the following properties:
| The name of the connection is used for distinguishing LDAP connections in Sitefinity. |
| ServerName |
Enter the name of the server where LDAP is hosted. |
| Port |
Enter the LDAP server port.
The default post is 389. |
| ConnectionDomain |
Enter the domain of the LDAP server. |
| ConnectionUsername |
Enter the username for logging to the LDAP server. |
| ConnectionPassword |
Enter the password for logging to the LDAP server. |
| UseSsl |
Indicates whether the connection use SSL or not |
| ResultCacheExpirationTime |
Enter the seconds, for which the system caches the LDAP server response results. |
| MaxReturnedUsers |
Enter the maximum number of users that is returned on one request to the LDAP. This number is used for internal paging of results, in order to avoid overconsumption of memory and slow retrieval of big chunks of data. |
| UserDns |
Enter the base/root distinguished name (DN) for the users. |
| UserFilter |
Enter the filter that is applied when requesting users from the LDAP. You must use the standard LDAP query syntax. |
| MaxReturnedRoles |
Enter the maximum number of roles that is returned on one request to the LDAP. This number is used for internal paging of results, in order to avoid overconsumption of memory and slow retrieval of big chunks of data. |
| RolesDNs |
Enter the base/root distinguished name (DN) for the roles. |
| RolesFilter |
Enter the filter applied when requesting users from the LDAP. You must use the standard LDAP query syntax. |
| ConnectWithLogOnCredentials |
Indicates whether to use current user credentials or those entered above. If you select this checkbox, the LDAP is connected and browsed with the credentials that the user provides on logging into Sitefinity backend and you do not have to enter user and password into the LDAP configuration. |
Enter one of the following:
- Basic
Indicates that basic authentication will be used with the connection.
- NTLM
Indicates that Windows NT Challenge/Response (NTLM) authentication will be used with the connection.
|
- When you are finished with the configurations, click Save changes.
- To select which is the default LDAP connection to be used, click LDAP Settings and enter the name of the connection in DefaultLdapConnection input field and click Save changes button.
EXAMPLE: The following screenshot shows an example of an LDAP configuration:
Additional information about LDAP
LDAP is based on X.500 specification and specified in Directory service (RFC1777). It stores attribute based data and is more often used to read than to write to the directory. There are no transactions and no rollback.
LDAP has a hierarchical data structure. Directory entries are in a tree-like structure called Directory Information Tree (DIT). The following screenshot displays a sample DIT:
LDAP uses the following attribute abbreviations:
| User ID |
cn
|
Common Name |
sn
|
Surname |
l
|
Location |
ou
|
Organizational Unit |
o
|
Organization |
dc
|
Domain Component |
st
|
State |
| Country |
Search filters
The following table lists the meaning of operators used in search filters:
Meaning
|
&
|
AND
|
|
|
OR
|
!
|
NOT
|
~=
|
Approximately equal |
>=
|
Greater than or equal |
<=
|
Less than or equal |
| any |
EXAMPLE: The following are examples of search filters:
- (objectclass=posixAccount)
- (cn=Mickey M*)
- (|(uid=fred)(uid=bill))
- (&(|(uid=jack)(uid=jill))(objectclass=posixAccount))