LDAP authentication
For LDAP authentication (including Active Directory), select Use LDAP for authentication and configure the fields that appear, as described below.
Server URI: address of your LDAP server (must begin with ldap:// or ldaps://)
Bind DN: the full distinguished name of the LDAP account to use for user lookups
If your LDAP server does not require authentication, set this to an empty string using a pair of double quote marks ( "" )
Bind Password: the password for the Bind DN account
Use an empty string (as above) if your server does not require authentication
Search DN (a.k.a. Base DN): the DN that Dash Enterprise will use to search for users when authenticating
Usually related to the LDAP server’s domain name; e.g. server.ad.your-company.com will have a Base DN of
"CN=Users,DC=server,DC=ad,DC=your-company,DC=com"
To use the Global Catalog Server:
With LDAP: append :3268 to your LDAP Server URI (e.g. ldap://ad.your.company:3268)
With LDAPS: append :3269 to your LDAP Server URI
(Optional) Group DN: usually the same as the Search DN
Dash Enterprise will search this tree for valid user groups
May be left blank if not using LDAP group sharing with Dash apps
(Optional) Restrict LDAP login based on group membership: enable this if you want only members of a specified LDAP group to be able to log in
Requires the full DN of the group
Advanced group checking (including AND, OR, and NOT operations) is supported
(Optional) Use the Install a Self-Signed TLS/SSL Certificate for LDAP option if your LDAP server uses a self-signed certificate
Not recommended: You may check Disable LDAP Auth Certificate Checking to bypass this option; however, this exposes your authentication to man-in-the-middle attacks
(Optional) Check Use Custom Search Filter box and specify a new Search Filter or Group Filter if needed
(Optional) Check Restrict licenses based on LDAP/SAML group membership and enter a group name (the full DN is not required here)
Note: If any of the LDAP specifications require the use of a single quote, the quote must be escaped in such a way that it can be parsed via a Python YAML interpreter and exported within a Bash script
Any single quote must be represented as follows: ''"''"''
Example:
CN=User's,DC=ad,DC=plot,DC=ly
must be entered as
CN=User''"''"''s,DC=ad,DC=plot,DC=ly
(Optional) For testing purposes only, check Enable authentication logs to make authentication logs available via a secret URL
NOT recommended for production use, since authentication logs may contain confidential data
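The single-quote rule from the note above, as an added example that is not part of the Dash Enterprise documentation: it applies the escape and then decodes the result through both quoting layers to show why the sequence has that form. It assumes the entered value sits inside a YAML single-quoted scalar and then inside a single-quoted Bash assignment (the page names the two parsers but not the exact quoting); all function names are illustrative.

```python
import shlex

# The page's replacement for one literal single quote.
ESCAPED_QUOTE = "''\"''\"''"


def escape_for_settings(value: str) -> str:
    """Apply the page's rule: every ' becomes ''"''"''."""
    return value.replace("'", ESCAPED_QUOTE)


def yaml_single_quoted_decode(body: str) -> str:
    """Decode the body of a YAML single-quoted scalar, where '' means '.
    Assumption: the entered value is stored inside such a scalar."""
    if "'" in body.replace("''", ""):
        # A lone quote would end the scalar early and break the YAML.
        raise ValueError("unescaped single quote in YAML scalar")
    return body.replace("''", "'")


def bash_single_quoted_decode(body: str) -> str:
    """Return what Bash would assign for VAR='<body>'.
    Assumption: the export script wraps the value in single quotes.
    shlex.split applies POSIX quoting rules without running a shell."""
    tokens = shlex.split("VAR='" + body + "'")
    if len(tokens) != 1 or not tokens[0].startswith("VAR="):
        raise ValueError("value breaks out of the shell assignment")
    return tokens[0][len("VAR="):]


def round_trip(entered: str) -> str:
    """Value that survives both parsers for a string typed into the form."""
    return bash_single_quoted_decode(yaml_single_quoted_decode(entered))


if __name__ == "__main__":
    dn = "CN=User's,DC=ad,DC=plot,DC=ly"  # example DN from this page
    entered = escape_for_settings(dn)
    print(entered)              # what to type into the settings field
    print(round_trip(entered))  # what the LDAP lookup finally uses
```

Running the round trip on a DN before saving it confirms that the value reaching the LDAP lookup is the intended one and that a stray quote cannot terminate the YAML scalar or the shell assignment early.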