Dash Enterprise Administration
4.3.1
4.3.1
  • Changelog
  • Installation
    • Capacity Planning
      • Dash Enterprise Single Server
      • Dash Enterprise for Kubernetes
    • Before you install
    • Dash Enterprise Single Server
      • Installation on cloud provider
      • On-premise installation on own server
      • Fully offline installation
    • Dash Enterprise Kubernetes
      • Amazon Web Services resource prerequisites
      • Google Cloud Platform resource prerequisites
      • Microsoft Azure resource prerequisites
  • Configuration
    • Set up your Server Manager
    • Run preflight checks
    • Configure basic settings
    • Authentication settings
      • Built-in local authentication
      • LDAP authentication
      • SAML authentication
    • Dash Enterprise Kubernetes additional required configuration
    • Configure optional settings
    • Add SELinux permissions to mapped directories
    • Other options and customizations
    • Using Snapshots & Backups
    • Running and logging into Dash Enterprise
    • Next steps
  • Advanced Configuration
    • General troubleshooting and problem solving
      • Dash Enterprise Kubernetes
    • Load balancer configuration
    • Reverse proxy setup instructions
    • Docker storage driver requirements and considerations
    • Import an LDAPS certificate from Active Directory into Dash Enterprise
    • Transfer Dash Enterprise to a new server
    • Sync license changes
    • Change channels for an upgrade
    • Admin panel reference
    • Configure Dash Enterprise to use common SAML IdPs
      • Active Directory Federation Services (AD FS)
      • PingFederate
      • Okta
    • Configure Dash Enterprise to use common LDAP IdPs
      • Okta
  • Upgrade
    • Prepare for the upgrade
    • Upgrade
      • Dash Enterprise Single Server
      • Dash Enterprise for Kubernetes
    • After the upgrade
  • Advanced Troubleshooting
    • Dash Enterprise Architecture and Internals
    • Navigating the System
    • Navigating the Support Bundle
    • Getting Help and Reporting Issues
    • Troubleshooting Specific Issues
Powered by GitBook
On this page

Was this helpful?

  1. Configuration
  2. Authentication settings

LDAP authentication

For LDAP Authentication (including Active Directory), select Use LDAP for authentication and configure the fields that appear as below.

  1. Server URI: address of your LDAP server (must begin with ldap:// or ldaps://)

  2. Bind DN: the username of the LDAP account to use for user lookups, for example: "admin_svc".

    • If your LDAP server does not require authentication, set this to an empty string using a pair of double quote marks ( "" )

  3. Bind Password: the password for the Bind DN account

    • Use an empty string (as above) if your server does not require authentication

  4. Search DN (a.k.a. Base DN): the DN that Dash Enterprise will use to search for users when authenticating

    • Usually related to the LDAP server’s domain name; e.g. server.ad.your-company.com will have a Base DN of "CN=Users,DC=server,DC=ad,DC=your-company,DC=com"

    • To use the Global Catalog Server:

      • With LDAP: append :3268 to your LDAP Server URI (e.g. ldap://ad.your.company:3268)

      • With LDAPS: append :3269 to your LDAP Server URI

  5. (Optional) Group DN: usually the same as the Search DN

    • Dash Enterprise will search this tree for valid user groups

  6. May be left blank if not using LDAP group sharing with Dash apps

  7. (Optional) Restrict LDAP login based on group membership: enable this only if you want members of a specified LDAP group to be able to log in

    • Requires the full DN of the group

    • Advanced group checking (including AND, OR, and NOT operations) is supported

  8. (Optional) Install a Self-Signed TLS/SSL Certificate for LDAP option if your LDAP server uses a self-signed certificate

    • Not recommended: You may check Disable LDAP Auth Certificate Checking to bypass this option; however, this exposes your authentication to man-in-the-middle attacks

  9. (Optional) Check Use Custom Search Filter box and specify a new Search Filter or Group Filter if needed

  10. (Optional) Check Restrict licenses based on LDAP/SAML group membership and enter a group name (the full DN is not required here)

    • Note: If any of the LDAP specifications require the use of a single quote, the quote must be escaped in such a way that it can be parsed via a Python YAML interpreter and exported within a Bash script

      • Any single quote must be represented as follows: ''"''"''

      • Example: CN=User's,DC=ad,DC=plot,DC=ly must be entered as CN=User''"''"''s,DC=ad,DC=plot,DC=ly

  11. (Optional) For testing purposes only, check Enable authentication logs to make authentication logs available via a secret URL

    • NOT recommended for production use, since authentication logs may contain confidential data

PreviousBuilt-in local authenticationNextSAML authentication

Last updated 2 years ago

Was this helpful?