Overview
This article explains the connection settings you need for your Directory Server.
Information
When configuring a Directory Server, there are some settings you need to set up. Below is a brief explanation of each setting, so you understand what is needed and where to get the information.
All the following fields are required except Failover Host and Failover Port.
FastPath: Admin Console > People > Directory Settings
Setting | Description |
Server Type (Required) |
Select the Directory Server type you are trying to integrate:
- Active Directory: A closed source Directory Service implementation designed by Microsoft used for directory services authentication.
- LDAP: An open and cross-platform protocol used for directory services authentication.
|
Primary Host (Required) |
Enter the Primary Host of your Directory Server according to An LDAP URL Format:
<hostport> ::= <hostname> [ ":" <portnumber> ]
- For example ldap.jivesoftware.com port: 5000
|
Failover Host |
Enter the Secondary Host of your Directory Server according to An LDAP URL Format:
<hostport> ::= <hostname> [ ":" <portnumber> ]
- For example ldap2.jivesoftware.com port: 5000
|
Base DN (Required) |
What is a Distinguished Name?
- The starting DN that contains all user accounts.
- The entire subtree under the base DN will be searched for user accounts unless an RDN is specified.
- An RDN is the relative portion of a distinguished name, which uniquely identifies an LDAP object (for example, CN=John Smith)
- DNs are used to unambiguously refer to directory entries
- A DN is not used as the name of the object itself, but it is instead a base type from which some user attribute types with a DN syntax can inherit
- A DN may contain any of the following attributes:
- CN commonName
- L localityName
- ST stateOrProvinceName
- O organizationName
- OU organizationalUnitName
- C countryName
- STREET streetAddress
- DC domainComponent
- UID userId
|
Administrator DN |
- The full DN of a directory administrator
- All directory operations must be performed with this account
- The admin must be able to perform searches and load user records
- The user does not need to be able to make changes to the directory
- If the property is not set, an anonymous login to the server will be attempted
|
Advanced Settings |
- User SSL: Specifies whether to use an SSL connection to communicate with the LDAP server.
- Enable Debug: Specifies whether LDAP debug logging is on.
com.jivesoftware.base.ldap=Debug
com.jivesoftware.base.ldap.ContextSourceFactory=Debug
- LDAP logging is extremely verbose and should never be used in production unless Support recommends it. Using debug mode can cause serious performance problems or system failure.
- Caution: If ldap.ldapDebugEnabled is on (true), LDAP traffic can be logged, and user passwords can be printed in plain text to the application's SBS.out log file if connections to LDAP are unencrypted, i.e., non-SSL. It is your responsibility to ensure that your LDAP communication runs over an SSL connection.
- Follow Referrals: Specifies whether LDAP queries will follow referrals.
- This property should always be set to true for Active Directory
|
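As an added example (not Jive's code and not part of the original article), the Python script below audits a set of directory settings against the rules in the table above: the `<hostport>` grammar, the listed DN attribute types, the anonymous-login fallback, the debug-without-SSL caution, and the Active Directory referral rule. The dictionary key names and the sample values are assumptions made for illustration.

```python
import re

# Attribute types the article lists for a DN.
DN_ATTRS = {"CN", "L", "ST", "O", "OU", "C", "STREET", "DC", "UID"}
# <hostport> ::= <hostname> [ ":" <portnumber> ]
HOSTPORT = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?(:(?P<port>\d{1,5}))?$")

def split_dn(dn):
    """Split a DN into (type, value) pairs. Simplified: honours '\\,' but not multi-valued RDNs."""
    pairs = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, sep, value = rdn.strip().partition("=")
        if not (attr and sep and value):
            raise ValueError(f"malformed RDN {rdn!r}")
        pairs.append((attr.strip().upper(), value.strip()))
    return pairs

def audit(cfg):
    """Return findings for a settings dict; the key names are assumptions of this example."""
    findings = []
    for key, required in (("primary_host", True), ("failover_host", False)):
        value = cfg.get(key, "")
        match = HOSTPORT.match(value)
        if not value:
            if required:
                findings.append(f"{key}: required")
        elif not match:
            findings.append(f"{key}: not <hostname>[:<portnumber>]")
        elif match["port"] and not 0 < int(match["port"]) < 65536:
            findings.append(f"{key}: port out of range")
    try:
        unknown = sorted({a for a, _ in split_dn(cfg.get("base_dn", ""))} - DN_ATTRS)
        if unknown:
            findings.append(f"base_dn: attribute types not in the article's list: {unknown}")
    except ValueError as err:
        findings.append(f"base_dn: {err}")
    if not cfg.get("admin_dn"):
        findings.append("admin_dn: empty, an anonymous login will be attempted")
    if cfg.get("debug") and not cfg.get("use_ssl"):
        findings.append("debug: on without SSL, passwords can reach the log in plain text")
    if cfg.get("server_type") == "Active Directory" and not cfg.get("follow_referrals"):
        findings.append("follow_referrals: should be true for Active Directory")
    return findings

# Constructed sample values, not taken from any real deployment.
SAMPLE = {"server_type": "Active Directory", "primary_host": "ldap.example.com:5000",
          "failover_host": "ldap2.example.com:99999", "base_dn": "OU=People,DC=example,DC=com",
          "admin_dn": "", "use_ssl": False, "debug": True, "follow_referrals": False}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```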