This article describes the steps required to configure the Broker to use Active Directory/LDAP as an authentication and user management source.
Prerequisites
- Administrative access to the Admin Console UI
- The following AD/LDAP properties:
  - Hostname and port of the AD/LDAP host
  - Distinguished name (DN) of the service account used to bind to the LDAP host
  - Password for that bind account
  - DN of the container (search base) under which user entries are searched
  - DN of the container under which group entries are searched
  - Attribute filter used to match the login name to a user entry (User Attribute Mapping)
  - Attribute filter used to find the groups a user belongs to (Group Attribute Mapping)
Configure AD/LDAP
- Log in to the Admin Console UI
- Navigate to Broker Configuration
- Select the User Authentication tab
- Select the LDAP Enabled checkbox, and provide the following information:
  - LDAP Server URL: Hostname and port of the AD/LDAP host, in the format ldap://<hostname_or_ip>:<port> (389 is the standard LDAP port). Note that a plain ldap:// connection without StartTLS sends the bind password and every query in cleartext; keep the Broker and the directory on a trusted network segment, or use an encrypted connection (ldaps://, standard port 636) if both the directory and your Broker version support it.
  - LDAP Server Bind User Name: Distinguished name of the service account used to bind to the LDAP host. It needs only read permission on the user and group search bases; use a dedicated, read-only account rather than an administrative one.
  - LDAP Bind Password: Password for the bind account
  - Search Base DN: Distinguished name of the container under which user entries are searched
  - Group Search Base DN: Distinguished name of the container under which group entries are searched
  - User Attribute Mapping: LDAP filter that matches the name entered at login to a user entry; {0} is replaced with the login name. For AD this is usually userPrincipalName={0}
  - Group Attribute Mapping: LDAP filter that finds the groups a user belongs to; {0} is replaced with the user's distinguished name. For AD this is usually member={0}
  - Test username: An existing account used to test the configuration, entered in the form the User Attribute Mapping expects. With userPrincipalName={0} that is the user principal name, <username>@<upn_suffix>, for example jdoe@corp.example.com
- Click Test Settings
- A status message indicates that the test was successful
- Re-enter the LDAP Bind Password
- Click Apply Changes
- A status message indicates that the settings were successfully applied
- Restart the Broker Application Service
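Before entering the values above, it is worth checking them outside the Admin Console: bind as the service account, resolve the test username to a DN with the User Attribute Mapping, then find the groups that name that DN with the Group Attribute Mapping. The script below does that with OpenLDAP's ldapsearch. It is an added example, not a tool shipped with the Broker; the environment variable names (LDAP_URL, BIND_DN, BIND_PW_FILE, USER_BASE, GROUP_BASE, USER_ATTR_MAP, GROUP_ATTR_MAP) and the DNs in the usage comment are this example's own placeholders. It also shows why the {0} substitution needs RFC 4515 escaping: the login name and the DN are inserted into a search filter, so an unescaped "*" or ")(" would change the meaning of the query.

```shell
#!/bin/sh
# Added example, not part of the product documentation: verify the AD/LDAP
# properties from the Prerequisites section with OpenLDAP's ldapsearch before
# typing them into the Admin Console. The environment variable names below are
# this script's own convention, not Broker settings.
set -eu

# RFC 4515 filter escaping. The login name (and later the user's DN) is
# substituted into an LDAP filter, so characters that are special in filters
# must be escaped; otherwise a value such as "*" or "x)(objectClass=*" changes
# the meaning of the search (LDAP filter injection). Backslash is handled
# first so the escapes themselves are not re-escaped.
ldap_escape() {
  printf '%s\n' "$1" | sed -e 's/\\/\\5c/g' \
                           -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' \
                           -e 's/)/\\29/g'
}

# Expand an "<attribute>={0}" mapping into a complete filter, escaping the
# value and adding the outer parentheses if the mapping omits them.
build_filter() {
  template=$1
  value=$2
  case $template in
    *\{0\}*) ;;
    *) printf 'build_filter: no {0} placeholder in "%s"\n' "$template" >&2
       return 1 ;;
  esac
  escaped=$(ldap_escape "$value")
  filter="${template%%\{0\}*}${escaped}${template#*\{0\}}"
  case $filter in
    \(*\)) ;;
    *) filter="($filter)" ;;
  esac
  printf '%s\n' "$filter"
}

# With userPrincipalName={0} the test username must be a UPN (user@suffix),
# not DOMAIN\user or a bare short name.
is_upn() {
  case $1 in
    *@*.*) return 0 ;;
    *) return 1 ;;
  esac
}

# Bind as the service account, resolve the test user to a DN with the user
# mapping, then list the groups that reference that DN with the group mapping.
# The bind password is read from a file (-y) so it does not appear in ps output.
probe() {
  test_user=$1
  if ! is_upn "$test_user"; then
    printf 'test username is not in user@suffix form: %s\n' "$test_user" >&2
    return 1
  fi
  user_filter=$(build_filter "$USER_ATTR_MAP" "$test_user")
  printf 'user search: base=%s filter=%s\n' "$USER_BASE" "$user_filter"
  # -LLL prints plain LDIF; the "dn:" line is the user's DN. A DN containing
  # non-ASCII characters is printed base64-encoded as "dn::", which this
  # check does not decode.
  user_dn=$(ldapsearch -LLL -x -H "$LDAP_URL" -D "$BIND_DN" -y "$BIND_PW_FILE" \
              -b "$USER_BASE" -s sub "$user_filter" dn | sed -n 's/^dn: //p')
  if [ -z "$user_dn" ]; then
    printf 'no user entry matched; check the search base and attribute mapping\n' >&2
    return 1
  fi
  printf 'user DN: %s\n' "$user_dn"
  # The DN is substituted into the group filter, so its own escaping (for
  # example "\," inside a CN) becomes \5c, as RFC 4515 requires.
  group_filter=$(build_filter "$GROUP_ATTR_MAP" "$user_dn")
  printf 'group search: base=%s filter=%s\n' "$GROUP_BASE" "$group_filter"
  ldapsearch -LLL -x -H "$LDAP_URL" -D "$BIND_DN" -y "$BIND_PW_FILE" \
    -b "$GROUP_BASE" -s sub "$group_filter" dn
}

# Usage (all values are placeholders for this example):
#   LDAP_URL=ldap://dc1.corp.example.com:389 \
#   BIND_DN='CN=svc-broker,OU=Service Accounts,DC=corp,DC=example,DC=com' \
#   BIND_PW_FILE=/root/svc-broker.pw \
#   USER_BASE='OU=Users,DC=corp,DC=example,DC=com' \
#   GROUP_BASE='OU=Groups,DC=corp,DC=example,DC=com' \
#   USER_ATTR_MAP='userPrincipalName={0}' GROUP_ATTR_MAP='member={0}' \
#   sh ldap_probe.sh jdoe@corp.example.com
if [ "$#" -eq 1 ]; then
  probe "$1"
fi
```

If the user search returns a DN but the group search returns nothing, the Group Search Base DN or the group mapping is wrong rather than the bind credentials; if the first ldapsearch fails with an authentication error, the bind DN or password is wrong and there is no point testing the rest in the UI.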