Versions Compared

Old Version 2

changes.mady.by.user Anssi Kivinen (Deactivated)

Saved on

compared with

New Version 3

changes.mady.by.user Anssi Kivinen (Deactivated)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

If your organisation does not currently use this functionality, please fee free to skip this chapter. Also ensure it is not enabled if it is not used. For those interested in more details on LDAP Server implementation, schemas, and internal structure, there is the document “onePortal™ Architecture and Functionality” (DocID 1001-111C). It is a technical guide available on request from support.

Enabling LDAP Server in Web UI

...

Select (tick) “LDAP Server” and then select “Save” to allow enabling LDAP Server at namespace level. Alternatively unselect it and select “Save” to disable LDAP Server onePortal™ platform wide. This setting can be considered as a “master switch” for the LDAP functionality. Depending on the business requirements, LDAP Server is generally either always disabled and it must not be enabled, or it is always enabled and widely utilised.

Portal Admin, please note, when the checkbox check box is unselected, the LDAP Server service is automatically stopped. This disables the LDAP service immediately for all namespaces. When it is selected, LDAP Server service is automatically started. The stopping and starting is done when the Save button is selected to save the configuration. The text next to LDAP Server shows the current state of LDAP Server.

...

  • “Scope for LDAP enablement” setting determines which user accounts in the namespace will have LDAP enabled for them. By default it is enabled for all user accounts, but it is possible to select a group, and LDAP will be enabled only for user accounts directly or indirectly member of that group. If group limiting is made, it is recommended to use descriptive name for that group such as “LDAP_Auth_Enabled”.

  • “LDAP authentication password” and its password. It is recommended to use very long password for this DN. Keep that password safe, and change it yearly or whenever organisation policy demands it to be changed. It is important to understand this DN does not allow any access to external services, neither is that DN able to make any changes to data in LDAP, or onePortal™TIS. It is purely used as a technical “account” during the actual authentication.

Note

LDAP DN (distinguished name)” is generated automatically on onePortal™TIS. LDAP DN is very commonly required by external services and applications for them to be able to use onePortal™ for LDAP authentication.

...

TIS for LDAP authentication.


When enabled and active, the LDAP Server server is available and accessible at the primary service address at TCP port 389 via StartTLS protocol and at TCP port 636 via TLS protocol. onePortal™ Appliance TIS is able to manage required TLS key and certificate. If external load-balancer is used, TLS is normally terminated there, and traffic is directed to TCP port 389.

For those interested, the LDAP Server onePortal™ TIS currently uses is OpenLDAP with tightened and optimised settings and full automation for onePortal™ Appliance TIS's purposes.