Configure LDAP Authentication
Note: Make sure the uid attribute is properly configured on the LDAP server for target group members. The attribute will be used as the login username of the system.
- Log in to the System Management page.
- On the System Management page, click User Accounts > External Authentication.
- Click Add LDAP Authentication. A wizard opens to guide you through the steps to connect to the LDAP server and configure the tenant or domain access privileges for the imported user accounts.
- Enter a unique name to identify the LDAP server and a brief description.
- Enter the credentials to connect to the LDAP server. See LDAP Server Settings for more details.
- Click Show Group to find available user groups from the LDAP server. All matched groups are listed in the Groups pane.
- Select one or more user groups to import, and then click Next.
Tip: Click Validate to verify whether the selected groups still exist on the LDAP server. Click the icon to remove an invalid group from the list.
- Assign domain access and more privileges to the user accounts in the selected groups one by one under the Set Tenant/Domain Access for Group tab.
  - System Admin — click to assign the system administrator role to the user accounts. For the detailed privileges of System Management and User Management, refer to Featured Management Privileges.
  - Tenant Access — select one or more tenants to assign access permissions to the user accounts.
  - Tenant Admin — select one or more tenants to assign the tenant administrator role to the user accounts.
  - Allowed to Create Domain — select the check box to assign the domain creation permission to the user accounts.
  - Domain Access — select one or more domains to assign access permissions to the user accounts.
  - Domain Privileges — click Assign Privileges to assign more domain privileges to the user accounts by role. See Configure Share Policy for more details.
- Click Save.
- In the pop-up dialog box, enter the username and password of a user account under the specified server address or user root and click Verify to authenticate the connection.
- Click OK in the pop-up dialog box.
- Navigate to the Users tab and click Synchronize With LDAP/AD Server to load the user accounts imported from the LDAP server immediately. Alternatively, the user accounts can be synchronized automatically after the first-time login.
LDAP/AD Server Settings
The following table lists the required credentials when connecting to an LDAP/AD server.
| Field | Description |
| --- | --- |
| Server Address | The hostname or IP address of the LDAP/AD server and the search base. |
| Group Root | The OU in which the target user groups are located. For example, ou=G1. |
| User Root | The OU in which the target user accounts are located. For example, ou=U1. |
| Connect Type | The security setting for connections between the LDAP/AD server and NetBrain Web API Server: Regular or Secure (SSL). To enable SSL connections between the AD server and NetBrain Web API Server, see Using SSL on AD Server for more details. |
| Server Port | The port number used to listen for LDAP/AD requests and send responses. |
| Connect Username | The username to connect to the server. |
| Connect Password | The password of the user to connect to the server. Click change password if you want to modify it. To restore the last password, click Use last password. |
| Synchronize Items | The items selected for synchronization from the LDAP/AD server to the system. By default, the Username item is selected. |
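
A pre-import check for the uid requirement in the note at the top of this page, as an added example that is not part of the product or its documentation: it reads an LDIF export of the Group Root and User Root and reports members of the groups to import that have no uid, share a uid with another member, or are missing from the export. The function names and sample entries are assumptions made for the example; it expects DN-valued `member`/`uniqueMember` attributes and does not decode base64 (`attr::`) values.

```python
from collections import defaultdict

# Constructed sample export (not a real directory); ou=G1 and ou=U1 follow the page's examples.
SAMPLE_LDIF = """\
dn: cn=netops,ou=G1,dc=example,dc=com
member: cn=Alice Ng,ou=U1,dc=example,dc=com
member: cn=Bob Lee,ou=U1,dc=example,dc=com
member: cn=Carol Diaz,ou=U1,dc=example,dc=com
member: cn=Dan Roy,ou=Contractors,dc=example,dc=com

dn: cn=Alice Ng,ou=U1,dc=example,dc=com
uid: ang

dn: cn=Bob Lee,ou=U1,dc=example,dc=com

dn: cn=Carol Diaz,ou=U1,dc=example,dc=com
uid: ANG
"""

def parse_ldif(text):
    """Return {lowercased dn: {lowercased attribute: [values]}} from LDIF text."""
    entries, current = {}, None
    for line in text.replace("\n ", "").splitlines():  # undo RFC 2849 line folding
        if not line.strip():
            current = None                              # a blank line ends an entry
        elif not line.startswith("#"):                  # skip LDIF comments
            attr, _, value = (part.strip() for part in line.partition(":"))
            if attr.lower() == "dn":
                current = entries.setdefault(value.lower(), defaultdict(list))
            elif current is not None:
                current[attr.lower()].append(value)
    return entries

def audit_groups(entries, group_dns):
    """Flag members of the groups to import that lack a usable, unique uid."""
    not_exported, missing_uid, seen = [], [], defaultdict(set)
    for gdn in group_dns:
        group = entries.get(gdn.lower(), {})
        for mdn in group.get("member", []) + group.get("uniquemember", []):
            user = entries.get(mdn.lower())
            if user is None:
                not_exported.append(mdn)        # e.g. the account sits outside User Root
            elif not user.get("uid"):
                missing_uid.append(mdn)         # no uid, so no login username
            for uid in (user or {}).get("uid", []):
                seen[uid.lower()].add(mdn)      # LDAP compares uid case-insensitively
    dupes = {u: sorted(dns) for u, dns in seen.items() if len(dns) > 1}
    return {"not_exported": not_exported, "missing_uid": missing_uid, "duplicate_uid": dupes}

print(audit_groups(parse_ldif(SAMPLE_LDIF), ["cn=netops,ou=G1,dc=example,dc=com"]))
```

Any entry under `duplicate_uid` means two accounts would collide on the same login username, so resolve it on the LDAP server before clicking Show Group and importing.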