Connection of an LDAP system
Two-Step Authentication
With two-step authentication, the first step is to search for the user name entered in the login dialog using the access data of a technical user. In the second step, the actual authentication is carried out using the user’s returned DN and the password entered in the login dialog. If several objects with the attribute value searched for are found, the login is attempted for the next object until a login is successful.
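The search-then-bind flow described above, as an added Python illustration that is not Cadenza code and not taken from the plugin. `FakeDirectory`, `authenticate`, `login` and all DNs and passwords are constructed stand-ins; the filter escaping and the empty-password check are defensive assumptions added here, not behaviour documented on this page.

```python
import re

def escape_filter_value(value):
    """Escape RFC 4515 special characters so the login name stays a literal."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

class FakeDirectory:
    """Constructed in-memory stand-in for an LDAP server (assumption, not a real API)."""
    def __init__(self, entries):
        self.entries = entries

    def bind(self, dn, password):
        # Mimics servers that accept an empty password as an unauthenticated bind.
        return password == "" or any(
            e["dn"] == dn and e["password"] == password for e in self.entries)

    def search(self, attr, filter_value):
        # Equality match: '*' is a wildcard, '\xx' is an escaped literal character.
        tokens = re.findall(r"\\[0-9a-fA-F]{2}|.", filter_value, re.S)
        pattern = "".join(
            ".*" if t == "*" else re.escape(chr(int(t[1:], 16)) if len(t) == 3 else t)
            for t in tokens)
        return [e["dn"] for e in self.entries
                if re.fullmatch(pattern, e.get(attr, ""), re.S)]

def authenticate(directory, tech_dn, tech_pw, login_attr, username, password):
    """Return the DN that authenticated, or None if no candidate accepted the password."""
    if not username or not password:
        return None  # never send an empty password to the directory
    # Step 1: bind as the technical user and search for the entered user name.
    if not directory.bind(tech_dn, tech_pw):
        raise RuntimeError("technical user bind failed")
    candidates = directory.search(login_attr, escape_filter_value(username))
    # Step 2: bind with each returned DN until one login succeeds.
    for dn in candidates:
        if directory.bind(dn, password):
            return dn
    return None

# Constructed sample data: two entries share the login name "jdoe".
TECH_DN, TECH_PW = "cn=svc-search,ou=service,dc=example,dc=org", "svc-secret"
DIRECTORY = FakeDirectory([
    {"dn": TECH_DN, "password": TECH_PW},
    {"dn": "uid=jdoe,ou=staff,dc=example,dc=org", "uid": "jdoe", "password": "staff-pw"},
    {"dn": "uid=jdoe,ou=partners,dc=example,dc=org", "uid": "jdoe", "password": "partner-pw"},
    {"dn": "uid=admin,ou=staff,dc=example,dc=org", "uid": "admin", "password": "admin-pw"},
])

def login(username, password):
    return authenticate(DIRECTORY, TECH_DN, TECH_PW, "uid", username, password)
```

Because the first DN whose bind succeeds wins, the attribute used for the search should be unique within the search base; otherwise the account a user lands in is decided by the password alone.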
Configuration and Prerequisites (Overview)
- The plugin LDAP connection (AccessManager_Ldap) must be activated and the corresponding accessmanagerldap config must be adapted.
- The LDAP system must be entered as the authenticator "LDAP" in the accessmanager config (Information on authenticators).
If the LDAP system is to be used as a group mapper (Information on group mappers):
- The LDAP system must be entered in the accessmanager config as the group mapper "LDAP".
- Rules must be configured for the assignment of logged-in users to Cadenza user groups (see elements <rule> and <dynamic-group-rule>).
If the LDAP system is to be used as a property mapper (Information on property mappers):
- The LDAP system must be entered in the accessmanager config as the property mapper "LDAP".
- User variables must be defined through which certain properties of the user can be transferred from their attributes in the LDAP system to Cadenza (see elements <attribute>, <user-mail-attribute> and <user-real-name-attribute>).
Activate Plugin and Adapt Configuration
The plugin LDAP connection (AccessManager_Ldap) must be activated.
The corresponding accessmanagerldap config must be adapted. See the accessmanagerldap config reference for details.