LDAP authentication

Use LDAP authentication to let users access the instance with their LDAP credentials.

When a user enters network credentials in the login page:
  1. The instance passes the credentials to an LDAP server to find the instance.
  2. Using the configured RDNs, it validates the user's DN string. This validation happens only if at least one of the LDAP OU configurations with table=sys_user has an RDN configured.
  3. The LDAP server responds with an authorized or unauthorized message that the system uses to determine whether access should be granted.

By authenticating against your LDAP server, users access the platform with the same credentials that they use for other internal resources on your network domain. Also, you can reuse any existing password and security policies that are already in place. For example, the LDAP server may already have account lockout and password expiration policies.

When you enable LDAP, the system updates user records with these fields.

Table 1. LDAP user record updates

| Field | Description |
|---|---|
| Source | Identifies whether or not LDAP is used to validate a user. If the source starts with ldap, then the user is validated via LDAP. If the source does not start with ldap, then the password on the user record is used to validate the user upon login. |
| LDAP Server | Identifies which LDAP server authenticates the user when there are multiple LDAP servers. |

Note: The system does not support LDAP password authentication through a MID Server. An instance must be able to directly connect with an LDAP server to support password authentication.
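
The following is an added example, not the platform's own code: an audit over an exported user table that applies the Source rule described above and models the RDN check from step 2 as a DN suffix match. It flags accounts that fall back to the password on the user record (and so sit outside the LDAP lockout and expiration policies) and LDAP accounts whose DN lies outside the configured RDNs. The sample rows, the field names `user_name` and `ldap_server`, the `ldap:<DN>` layout of Source, the base DN and the suffix-match interpretation are assumptions.

```python
# Constructed sample export of user records (not real data). Assumptions:
# field names, and a Source value laid out as "ldap:" followed by the user's DN.
USERS = [
    {"user_name": "alice", "ldap_server": "dc1",
     "source": "ldap:CN=Alice Ng,OU=Staff,DC=corp,DC=example"},
    {"user_name": "bob", "ldap_server": "dc2",
     "source": "ldap:CN=Bob\\, Jr,OU=Vendors,DC=corp,DC=example"},
    {"user_name": "svc_backup", "ldap_server": "", "source": ""},
]
BASE_DN = "DC=corp,DC=example"   # constructed search base
ALLOWED_RDNS = ["OU=Staff"]      # constructed stand-in for the OU configurations' RDNs

def split_dn(dn):
    """Split a DN into normalised components, honouring backslash-escaped commas."""
    parts, cur, esc = [], "", False
    for ch in dn:
        if ch == "," and not esc:
            parts.append(cur.strip().lower())
            cur = ""
        else:
            cur += ch
            esc = (ch == "\\") and not esc
    parts.append(cur.strip().lower())
    return parts

def dn_under(dn, rdn, base):
    """True if dn sits below rdn + base (assumed reading of the RDN validation)."""
    want = split_dn(rdn) + split_dn(base)
    have = split_dn(dn)
    return len(have) > len(want) and have[-len(want):] == want

def audit(users, rdns, base):
    """Classify each record by how its login would be validated."""
    result = {}
    for u in users:
        src = u.get("source") or ""
        dn = src.partition(":")[2]
        if not src.startswith("ldap"):
            result[u["user_name"]] = "local-password"  # password on the user record
        elif rdns and not any(dn_under(dn, r, base) for r in rdns):
            result[u["user_name"]] = "ldap-outside-configured-rdns"
        else:
            result[u["user_name"]] = "ldap:" + (u.get("ldap_server") or "unknown")
    return result

if __name__ == "__main__":
    for name, verdict in audit(USERS, ALLOWED_RDNS, BASE_DN).items():
        print(f"{name}: {verdict}")
```

Passing an empty RDN list skips the DN check, mirroring the statement that validation happens only if at least one OU configuration has an RDN configured.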