LDAP Configuration
Starting with version 4.0 we support multiple LDAP servers.
To define and query those servers, open the configuration page from the LDAP Configuration link in the cPrime apps menu. Once the page has loaded, click the Add LDAP button.
In the dialog that appears, enter the directory type, a name for the configuration (unique among your LDAP configurations), the URL, the Base Distinguished Name, and the user and password for that LDAP server.
Parameters:
- Directory - the directory type. Only MS Active Directory is supported at the moment. If you have another LDAP type, ask for support.
- Name - the LDAP configuration name; it must be unique.
- Base DN - the base DN, used as the root for that LDAP.
- User / Password - the LDAP user and the password (it is not usually a single word, but a string like the one shown above).
There are also two optional parameters:
- Connection time-out - self-explanatory.
- Use cache - if checked, records are cached. Use it for better performance, but cached results may not exactly reflect what is in the LDAP database.
Click the Test button to check that the configuration is valid. Any errors are reported in the dialog, so you can adjust the configuration until the connection is established successfully.
Once added, LDAP configurations can be edited, removed and tested from the same page.
Changes are visible immediately.
Default LDAP
You can mark the default LDAP server by clicking the Make Default icon. This setting exists for backward compatibility. The LDAP routines have received one optional extra parameter, which is the LDAP configuration name. So that old programs keep running without modification, we added the default LDAP (or primary LDAP), which is used when that parameter is missing from an LDAP call.
Of course, only one LDAP configuration may be marked as default.
Warning
Right now, only Microsoft Active Directory is supported, though it might work with other systems too (for example, it works with OpenDS). However, we are eagerly waiting for requests to extend this functionality to other LDAP servers.