19 | | * LDAP URL: The complete URL by which the LDAP server is accessed, including schema and port, of the form ldap://fqdn:port. |
20 | | * Anonymous Login: Indicates whether the LDAP directory may be freely queried without first providing credentials. |
21 | | * Manager DN: When anonymous login is disabled, this indicates the distinguished name of a user who has permission to query all parts of the LDAP tree defined by parameters on this page. |
22 | | * Manager Password: The password for the account of the manager DN. |
23 | | * Base Group DN: Provide the distinguished name of a container holding any groups by which access will be limited. This field is mandatory and usually very broad -- often it is simply the root DC components of the directory DN, since groups can be scattered all throughout the tree. |
24 | | * Search Group Subtree: If enabled, the ESS will search containers descending from the Base Group DN recursively. Most users will enable this option. |
25 | | * Group Attribute !Name/Value pair: If these optional fields are populated, a user that is found to match the offered credentials must also be contained within a group defined by the value field in the pair, where the attribute name is usually OU or CN. Most users will leave these fields blank. |
26 | | * Base User DN: Provide the distinguished name of a container beneath which any users to be granted access can be found. |
27 | | * Search User Subtree: If enabled, the ESS will search containers descending from the Base User DN recursively. Most users will enable this option. |
28 | | * Group Membership Attribute: Provide the global attribute that is used to define horizontal group relationships within the directory. In Microsoft Active Directory systems, this is the memberOfattribute. |
29 | | * User Name Attribute: Provide the global attribute that is used to define the login name associated with a particular user’s distinguished name. In Microsoft Active Directory systems, this is the sAMAccountName attribute. In OpenLDAP systems, this is the uid attribute. |
30 | | * Extra User Attribute Name/Value pair: Optionally, provide an attribute name/value pair that must test true in a user record that matches the offered credentials. This can be used to limit access to users possessing an arbitrary attribute of the administrator’s choosing. This pair of fields is the most versatile and is best used to select a specific subset of users from the larger set defined by the Base User DN. |
| 19 | * ''LDAP URL:'' The complete URL by which the LDAP server is accessed, including schema and port, of the form ldap://fqdn:port. |
| 20 | * ''Anonymous Login:'' Indicates whether the LDAP directory may be freely queried without first providing credentials. |
| 21 | * ''Manager DN:'' When anonymous login is disabled, this indicates the distinguished name of a user who has permission to query all parts of the LDAP tree defined by parameters on this page. |
| 22 | * ''Manager Password:'' The password for the account of the manager DN. |
| 23 | * ''Base Group DN:'' Provide the distinguished name of a container holding any groups by which access will be limited. This field is mandatory and usually very broad -- often it is simply the root DC components of the directory DN, since groups can be scattered all throughout the tree. |
| 24 | * ''Search Group Subtree:'' If enabled, the ESS will search containers descending from the Base Group DN recursively. Most users will enable this option. |
| 25 | * ''Group Attribute !Name/Value pair:'' If these optional fields are populated, a user that is found to match the offered credentials must also be contained within a group defined by the value field in the pair, where the attribute name is usually OU or CN. Most users will leave these fields blank. |
| 26 | * ''Base User DN'': Provide the distinguished name of a container beneath which any users to be granted access can be found. |
| 27 | * ''Search User Subtree:'' If enabled, the ESS will search containers descending from the Base User DN recursively. Most users will enable this option. |
| 28 | * ''Group Membership Attribute:'' Provide the global attribute that is used to define horizontal group relationships within the directory. In Microsoft Active Directory systems, this is the memberOfattribute. |
| 29 | * U''ser Name Attribute:'' Provide the global attribute that is used to define the login name associated with a particular user’s distinguished name. In Microsoft Active Directory systems, this is the sAMAccountName attribute. In OpenLDAP systems, this is the uid attribute. |
| 30 | * ''Extra User Attribute !Name/Value pair:'' Optionally, provide an attribute name/value pair that must test true in a user record that matches the offered credentials. This can be used to limit access to users possessing an arbitrary attribute of the administrator’s choosing. This pair of fields is the most versatile and is best used to select a specific subset of users from the larger set defined by the Base User DN. |