LDAP Configuration

From Userful Support



Copyright © 2020 Userful Corporation. All rights reserved.
(Updated 2020.01.24)





Introduction

LDAP (Lightweight Directory Access Protocol) can be used to centrally control access to applications and functionality within an organization.

Within the Userful Control Center and Command & Control module, you can integrate your existing LDAP server so that new users can be added and authenticated using their existing credentials.

This feature is available only with an “Enterprise” level license. If you are interested in upgrading to take advantage of this feature, please contact your Userful representative or sales@userful.com.

Initial Configuration

As an Admin user, go to Settings → LDAP Configuration. Enter details of your LDAP server as shown below:

  • LDAP Server URL
    • This is the location of your LDAP Server within your network.
    • Format: ldap://[server_address]:[port_number]
  • DN Template
    • Format: uid={0},ou=[value](comma separated list),dc=[value](comma separated list)
    • uid={0} - This identifies the LDAP field (user ID) which will be used for authentication on the LDAP server.
    • ou=[value] - There may be several of these entries, separated by commas. They must be in the correct order, because together they determine the path to the users who can be authenticated on the system. Consult your LDAP administrator for the correct values. (For example, to give access only to employees, the entries could be: ou=users,ou=employees)
    • dc=[value] - identifies the “Domain Component” of the user details. There will likely be multiple entries here as well, identifying the domain of the users being given access. (As an example, to allow users in the userful.com domain, there would be two entries: dc=userful,dc=com)

Using the examples above, the DN Template would be: uid={0},ou=users,ou=employees,dc=userful,dc=com

Since every LDAP installation is different, it is important to work with your LDAP Administrator to determine the right ou and dc values.

Testing the Connection

By clicking “Test Connection”, you are checking that the LDAP Server URL (as entered) is valid. In a few moments, the test should return a success message. If you get a message that the test was not successful, recheck the values you entered, and work with your LDAP Administrator to troubleshoot.

This test will not tell you if you have correctly configured the DN Template, as that will require setting up a user and logging in.
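Because Test Connection does not exercise the DN Template, the template's shape can be checked offline before a test user is created. The Python sketch below is an added example, not Userful code: it assumes {0} is replaced by the user name typed at login (the page does not describe how the product substitutes or escapes it), and the names check_template, escape_rdn_value and bind_dn are hypothetical. It verifies only the documented format; whether the ou and dc values are right for your directory still has to be confirmed with your LDAP Administrator.

```python
import re

# Added example, not Userful code. Assumption: {0} is replaced by the login name.
TEMPLATE = "uid={0},ou=users,ou=employees,dc=userful,dc=com"  # example from this page

# One ou= or dc= component whose value contains no DN metacharacters.
_RDN = re.compile(r'^(ou|dc)=[^,=+<>#;\\"]+$', re.IGNORECASE)

def check_template(template):
    """Return a list of problems; an empty list means the documented shape is met."""
    problems = []
    parts = template.split(",")
    if parts[0] != "uid={0}":
        problems.append("first component must be uid={0}")
    if template.count("{0}") != 1:
        problems.append("{0} must appear exactly once")
    kinds = []
    for part in parts[1:]:
        if _RDN.match(part):
            kinds.append(part.split("=", 1)[0].lower())
        else:
            problems.append("malformed component: %r" % part)
    if "dc" not in kinds:
        problems.append("no dc= component")
    # Every ou= entry must come before the first dc= entry.
    if kinds != sorted(kinds, key=lambda k: k == "dc"):
        problems.append("ou= components must precede dc= components")
    return problems

def escape_rdn_value(value):
    """Escape a string for use as an attribute value in a DN (RFC 4514)."""
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in '"+,;<>\\' or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def bind_dn(template, username):
    """Build the DN that would be presented to the LDAP server for this user."""
    problems = check_template(template)
    if problems:
        raise ValueError("; ".join(problems))
    # Escaping keeps a comma in the user name from becoming an extra DN component.
    return template.replace("{0}", escape_rdn_value(username))
```

Comparing the output of bind_dn for a known user with that user's actual DN in the directory shows whether the ou order and dc values line up.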

Setting up an LDAP User

  • On the Users screen, click on “Add User”
  • In the User Name field, enter a username which matches a user already configured in LDAP.
  • Check the “External User” checkbox, and assign the user to one or more groups. (For testing purposes, ensure this initial user has access to the Control Center application.)
  • Click OK.

Testing the LDAP Integration

  • After an LDAP user is created, confirm that the integration is correctly configured by clicking Logout, then logging in as the newly created user. The password for this user will match their existing LDAP password.

Troubleshooting

If login of the new user fails, there could be several different reasons.


You are not authorized to access this application.

  • This means that authentication for the user was successful, but they do not have access permissions for the interface being used.
    • An example would be if the user only has access to the Command and Control module, and is logging into the Control Center.


Invalid user name or password.

  • This means that authentication failed on the server.
    • Check that the username and password are exactly as expected and try logging in again.
    • If it still does not work, log in as an admin user, and ensure that the user account was set up with a name that exactly matches one in LDAP.
    • Next, return to Settings → LDAP Configuration and ensure that the DN Template is correct. Work with your LDAP Server administrator to confirm all parameters are correct.