Connection of an LDAP system
Two-Step Authentication
With two-step authentication, the first step is to search for the user name entered in the login dialog, using the access data of a technical user. In the second step, the actual authentication is carried out using the DN returned for the user and the password entered in the login dialog. If several objects with the searched attribute value are found, the login is attempted with each object in turn until one login is successful.
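The two-step flow described above, as an added example (not Cadenza's own code): a constructed in-memory directory stands in for the LDAP server, and `FakeDirectory`, `escape_filter_value`, `two_step_login`, the `uid` search attribute and all DNs are assumptions. It also escapes the entered user name for the search filter and rejects empty passwords, two checks this page does not mention.

```python
# Added example: search-then-bind against a constructed in-memory directory.
# FakeDirectory, escape_filter_value and two_step_login are hypothetical names.

def escape_filter_value(value: str) -> str:
    """Escape RFC 4515 special characters so user input cannot alter the filter."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)


class FakeDirectory:
    """Constructed stand-in for an LDAP server: DN -> (uid, password)."""

    def __init__(self, entries):
        self.entries = entries
        self.bind_attempts = []  # every DN a bind was attempted for, in order

    def search(self, ldap_filter):
        # Only exact-match filters of the form (uid=<value>) are modelled.
        return [dn for dn, (uid, _) in self.entries.items()
                if ldap_filter == f"(uid={escape_filter_value(uid)})"]

    def bind(self, dn, password):
        self.bind_attempts.append(dn)
        return dn in self.entries and self.entries[dn][1] == password


def two_step_login(directory, tech_dn, tech_password, username, password):
    """Return the DN that authenticated, or None."""
    # An empty password would turn step 2 into an unauthenticated bind,
    # which some servers accept; reject it before touching the directory.
    if not username or not password:
        return None
    # Step 1: the technical user searches for the entered user name.
    if not directory.bind(tech_dn, tech_password):
        raise PermissionError("technical user could not bind")
    candidates = directory.search(f"(uid={escape_filter_value(username)})")
    # Step 2: bind as each returned DN until one succeeds.
    for dn in candidates:
        if directory.bind(dn, password):
            return dn
    return None


# Constructed sample data: two objects share uid "jdoe".
DIRECTORY = FakeDirectory({
    "cn=svc,ou=tech,dc=example,dc=org": ("svc", "svc-secret"),
    "uid=jdoe,ou=old,dc=example,dc=org": ("jdoe", "old-pw"),
    "uid=jdoe,ou=staff,dc=example,dc=org": ("jdoe", "staff-pw"),
})
```

`bind_attempts` records every DN tried, so with a duplicate `uid` a single login shows up as a failed bind on the other matching entry before the successful one.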
Configuration and Prerequisites (Overview)
- The plugin LDAP connection (AccessManager_Ldap) must be activated and the corresponding configuration file accessmanagerldap-config.xml must be adapted.
- The LDAP system must be entered as the authenticator "LDAP" in the accessmanager-config.xml file (Information on authenticators).
If the LDAP system is to be used as a group mapper (Information on group mappers):
- The LDAP system must be entered in the accessmanager-config.xml file as the group mapper "LDAP".
- Rules must be configured for the assignment of logged-in users to Cadenza user groups (see elements <rule> and <dynamic-group-rule>).
If the LDAP system is to be used as a property mapper (Information on property mappers):
- The LDAP system must be entered in the accessmanager-config.xml file as property mapper "LDAP".
- User variables must be defined via which certain properties of the user can be transferred from their attributes in the LDAP system to Cadenza (see elements <attribute>, <user-mail-attribute> and <user-real-name-attribute>).
Activate Plugin and Adapt Configuration File
The plugin LDAP connection (AccessManager_Ldap) must be activated.
The corresponding configuration file accessmanagerldap-config.xml must be adapted. See the accessmanagerldap config file reference for details.