LDAP authentication
For LDAP authentication (including Active Directory), select Use LDAP for authentication and configure the fields that appear, as described below.
- 1. Server URI: address of your LDAP server (must begin with ldap:// or ldaps://)
- 2. Bind DN: the username of the LDAP account to use for user lookups, for example: "admin_svc".
- If your LDAP server does not require authentication, set this to an empty string using a pair of double quote marks ( "" )
- 3. Bind Password: the password for the Bind DN account
- Use an empty string (as above) if your server does not require authentication
- 4. Search DN (a.k.a. Base DN): the DN that Dash Enterprise will use to search for users when authenticating
- Usually related to the LDAP server’s domain name; e.g. server.ad.your-company.com will have a Base DN of "CN=Users,DC=server,DC=ad,DC=your-company,DC=com"
- To use the Global Catalog Server:
- With LDAP: append :3268 to your LDAP Server URI (e.g. ldap://ad.your.company:3268)
- With LDAPS: append :3269 to your LDAP Server URI
- 5. (Optional) Group DN: usually the same as the Search DN
- Dash Enterprise will search this tree for valid user groups
- 6. May be left blank if not using LDAP group sharing with Dash apps
- 7. (Optional) Restrict LDAP login based on group membership: enable this if you want only members of a specified LDAP group to be able to log in
- Requires the full DN of the group
- Advanced group checking (including AND, OR, and NOT operations) is supported
- 8. (Optional) Use the Install a Self-Signed TLS/SSL Certificate for LDAP option if your LDAP server uses a self-signed certificate
- Not recommended: You may check Disable LDAP Auth Certificate Checking to bypass this option; however, this exposes your authentication to man-in-the-middle attacks
- 9. (Optional) Check the Use Custom Search Filter box and specify a new Search Filter or Group Filter if needed
- 10. (Optional) Check Restrict licenses based on LDAP/SAML group membership and enter a group name (the full DN is not required here)
- Note: If any of the LDAP specifications require the use of a single quote, the quote must be escaped in such a way that it can be parsed via a Python YAML interpreter and exported within a Bash script
- Any single quote must be represented as follows: ''"''"''
- Example: CN=User's,DC=ad,DC=plot,DC=ly must be entered as CN=User''"''"''s,DC=ad,DC=plot,DC=ly
- 11. (Optional) For testing purposes only, check Enable authentication logs to make authentication logs available via a secret URL
- NOT recommended for production use, since authentication logs may contain confidential data
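
An added example (not Dash Enterprise's own code) of the single-quote rule in the note above: it builds the escaped form of a value and decodes it again through both layers. It assumes the value is stored in a YAML single-quoted scalar and then placed inside a single-quoted Bash string; the function names are illustrative, and Python's shlex stands in for Bash quoting.

```python
import shlex

# Sequence the page prescribes for one literal single quote: ''"''"''
QUOTE_ESCAPE = "''\"''\"''"


def escape_for_settings(value: str) -> str:
    """Return the form to type into the settings field."""
    return value.replace("'", QUOTE_ESCAPE)


def yaml_single_quoted_decode(body: str) -> str:
    """Decode the inside of a YAML single-quoted scalar ('' means ')."""
    out, i = [], 0
    while i < len(body):
        if body[i] == "'":
            if body[i + 1:i + 2] != "'":
                raise ValueError(f"unescaped single quote at offset {i}")
            i += 1  # skip the first quote of the '' pair
        out.append(body[i])
        i += 1
    return "".join(out)


def bash_single_quoted_decode(body: str) -> str:
    """Decode text placed between single quotes on a Bash export line."""
    words = shlex.split("'" + body + "'")  # assumption: shlex models Bash here
    if len(words) != 1:
        raise ValueError("value split into several shell words")
    return words[0]


def decode_entry(entered: str) -> str:
    """Apply both layers in order: YAML first, then Bash."""
    return bash_single_quoted_decode(yaml_single_quoted_decode(entered))


if __name__ == "__main__":
    dn = "CN=User's,DC=ad,DC=plot,DC=ly"  # example DN from the page
    entered = escape_for_settings(dn)
    print(entered)
    print(decode_entry(entered) == dn)
    try:
        decode_entry(dn)  # raw quote, not escaped
    except ValueError as err:
        print("rejected:", err)
```

A value escaped for YAML only (a doubled quote) passes the first layer but leaves an unbalanced quote for the shell, which is why the full sequence is required.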