ldapwhoami -H ldap://ldap.server.com -D "<bind user DN>" -W -x -v
Lightweight Directory Access Protocol (LDAP)
SD Elements can be configured to rely on an LDAP user store for validating access to the application.
Configure LDAP for Single Sign-on
Follow the steps below to configure LDAP for Single Sign-on.
-
SSH credentials for sde_admin
-
The application user is a Super User.
-
Network access to the LDAP server.
-
LDAP Information
-
Server URI: The URI of the LDAP server
-
Bind DN: The distinguished name to use when binding to the LDAP server
-
Bind Password: The password to use with the bind DN
-
Start TLS: Indication if connection should use Start TLS for security
-
Base DN: The DN within which to search for the user.
-
Scope: The scope of the search
-
User filter: How to match LDAP users
-
-
Login to the SD Elements web application
-
From the gear icon menu, select Authentication.
-
Select option "LDAP" for SSO Type
-
Update the fields using the LDAP Information.
-
Click Save
The server is now setup to authenticate users using LDAP. You can test the configuration using the Test User Authentication section on the page.
Test with the CLI
Verify bind connection details
The ldapwhoami
command can be used to manually test an LDAP connection bind.
-
SSH credentials for sde_admin or sudo access
-
LDAP instance URI
-
LDAP bind user credentials
-
Execute the following command from a shell on the SDE instance:
-
When prompted, enter the bind user’s password.
If a TLS connection is required, append -Z
to the previous command.
If more verbose logging is required, append -d 4095
to the previous command.
If successful, the username of the bind user will be returned.
Verify user lookup
The ldapsearch
command can be used to manually test a user lookup. Only users found using the search filters will be allowed to authenticate to SD Elements.
-
SSH credentials for sde_admin or sudo access
-
LDAP instance URI
-
LDAP bind user credentials
-
LDAP search base DN
-
LDAP search filter
-
Execute the following command from a shell on the SDE instance:
ldapsearch -H ldap://ldap.server.com -D "<bind user DN>" -W -x -v -b "<base DN>" "<search filter>"
-
When prompted, enter the bind user’s password
If a TLS connection is required, append -Z
to the previous command.
If more verbose logging is required, append -d 4095
to the previous command.
If successful, the LDAP user attributes for the user will be returned.