The LDAP setting options for connecting VIMP to a directory service (such as Active Directory or OpenLDAP) are explained below.
LDAP authentication can be activated in the VIMP configuration under “Users” -> “Authentication provider”. The settings described below only apply when activated.
If “LDAP” has been selected as the authentication provider in the configuration, each existing VIMP role can be given an LDAP assignment and a priority in role management (“Roles & rights”).
A total of three LDAP configurations can be defined for the connection of up to three LDAP servers.
Update user data in database
Defines whether the user data in the VIMP database should be updated when logging in.
Allow the DN of existing entries to change
Permits an already known user to be recognised even if their DN has changed. This can be the case, for example, if the user has been moved in the LDAP structure.
Purge users if they can't be found inside LDAP anymore
Deletes users permanently if they no longer appear in LDAP during the user sync.
Verify TLS certificates on LDAPS connections
Activates the validation of server certificates for LDAPS connections.
Save LDAP password to database
Defines whether the LDAP password should also be saved in the VIMP database.
Reactivate deleted users
If this option is activated, users deleted in VIMP are reactivated when they log in again.
LDAP user profile visible by default
If this option is activated, the user profile is visible to other users by default.
Update role mapping with every login
If activated, the role mapping is updated at every login.
LDAP server URL
Full URL of the directory server, including scheme and port (e.g. ldap://serverip:port or ldaps://serverip:port).
LDAP recursive limit for groups
Defines the depth to which LDAP groups are taken into account (0 = unlimited).
LDAP base for users
FQN (fully qualified name, http://en.wikipedia.org/wiki/FQN) of the path to the users in the directory service (e.g. dc=domain,dc=com). The user base is the node in the LDAP tree below which the users are located.
LDAP base for groups
FQN of the path to the groups in the directory service (e.g. dc=domain,dc=com). The group base is the node in the LDAP tree below which the groups are located.
LDAP group filter
LDAP filter for the groups (e.g. (objectClass=posixGroup)). The group filter is the expression by which the LDAP groups are found. Typically this is (objectClass=group).
LDAP user filter
LDAP filter for the users (e.g. (objectClass=posixAccount)). This is the expression by which the LDAP users are found.
LDAP user to search with
FQN of the user with which VIMP logs on to the LDAP server in order to search the directory service (e.g. cn=admin,dc=domain,dc=com). This LDAP user must have read access to the entire tree below the respective bases.
LDAP user password to search with
Password of the LDAP user that has read access to the entire tree below the respective bases.
LDAP attribute used to search the user
LDAP attribute by which VIMP searches for users in the directory service (e.g. uid), i.e. the attribute from which the user name is taken.
LDAP attribute used to search the member
LDAP attribute by which VIMP determines the members of a group in the directory service (e.g. memberUid). This is an attribute of the group entry that lists the members of the respective group. Group membership is therefore determined from the group entry, not from the user entry.
Use full DN for user search in groups
If activated, the full DN of the user is used as the value of the member attribute filter when assigning users to groups, instead of the CN.
LDAP timeout
The time in seconds that VIMP waits for the connection to the directory server to be established before reporting an error (e.g. 30).
LDAP attribute name for first name
LDAP attribute for the first name in the directory service (e.g. givenName).
LDAP attribute name for last name
LDAP attribute for the last name in the directory service (e.g. sn).
LDAP attribute name for e-mail
LDAP attribute for the e-mail address in the directory service (e.g. mail).
LDAP attribute name for city
LDAP attribute for the city in the directory service (e.g. l).
LDAP attribute name for country
LDAP attribute for the country in the directory service (e.g. c).
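The following is an added example, not VIMP's own code, showing how the settings above combine into the LDAP queries a platform like VIMP issues: the user and group search filters (with the login name escaped so that it cannot alter the filter), nested group resolution that honours “LDAP recursive limit for groups” and “Use full DN for user search in groups”, and a plausibility check of “LDAP server URL” against “Verify TLS certificates on LDAPS connections”. The directory entries, DNs and attribute values are constructed for the example; the function names are assumptions.

```python
"""Added example (not VIMP's own code): assemble the LDAP filters the settings
describe, resolve nested groups with a recursion limit, and sanity-check the
server URL. All directory data below is constructed for the example."""
from dataclasses import dataclass
from typing import List, Set
from urllib.parse import urlsplit


def escape_filter_value(value: str) -> str:
    """Escape a value for embedding in an LDAP filter (RFC 4515).
    Without this, a login such as 'a)(uid=*' would rewrite the filter."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value)


def user_search_filter(user_filter: str, user_attr: str, login: str) -> str:
    """'LDAP user filter' AND 'LDAP attribute used to search the user' = login."""
    return f"(&{user_filter}({user_attr}={escape_filter_value(login)}))"


def group_search_filter(group_filter: str, member_attr: str, member_value: str) -> str:
    """'LDAP group filter' AND 'LDAP attribute used to search the member' = value."""
    return f"(&{group_filter}({member_attr}={escape_filter_value(member_value)}))"


@dataclass
class Group:
    dn: str
    cn: str
    members: List[str]  # values of the member attribute (e.g. memberUid or member)


def resolve_groups(groups: List[Group], member_value: str,
                   recursive_limit: int, use_full_dn: bool) -> Set[str]:
    """Return the DNs of all groups member_value belongs to, following
    group-in-group nesting. recursive_limit mirrors 'LDAP recursive limit for
    groups' (0 = unlimited); use_full_dn decides whether a nested group is
    referenced by its DN or by its CN in the parent's member attribute."""
    found: Set[str] = set()
    frontier = {member_value}   # values to look for in member attributes
    depth = 0
    while frontier and (recursive_limit == 0 or depth < recursive_limit):
        depth += 1
        next_frontier: Set[str] = set()
        for g in groups:
            if g.dn not in found and any(m in frontier for m in g.members):
                found.add(g.dn)
                # the group itself may be a member of further groups
                next_frontier.add(g.dn if use_full_dn else g.cn)
        frontier = next_frontier
    return found


def check_server_url(url: str, verify_tls: bool) -> List[str]:
    """Plausibility check of 'LDAP server URL' together with the TLS setting."""
    warnings: List[str] = []
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps"):
        warnings.append("URL must start with ldap:// or ldaps://")
    elif parts.scheme == "ldap":
        warnings.append("ldap:// sends the search user's bind password unencrypted")
    elif not verify_tls:
        warnings.append("ldaps:// without certificate verification accepts any server certificate")
    return warnings


# Constructed sample directory: posix-style groups whose memberUid values are CNs.
SAMPLE_GROUPS = [
    Group("cn=developers,ou=groups,dc=example,dc=com", "developers", ["jdoe", "asmith"]),
    Group("cn=staff,ou=groups,dc=example,dc=com", "staff", ["developers", "hr"]),
    Group("cn=everyone,ou=groups,dc=example,dc=com", "everyone", ["staff"]),
    Group("cn=admins,ou=groups,dc=example,dc=com", "admins", ["asmith"]),
]

if __name__ == "__main__":
    print(user_search_filter("(objectClass=posixAccount)", "uid", "jdoe"))
    print(group_search_filter("(objectClass=posixGroup)", "memberUid", "jdoe"))
    for limit in (0, 1, 2):
        print(limit, sorted(resolve_groups(SAMPLE_GROUPS, "jdoe", limit, use_full_dn=False)))
    print(check_server_url("ldap://10.0.0.5:389", True))
```

With the sample data, a recursive limit of 1 yields only the developers group, 2 adds staff, and 0 (unlimited) also reaches everyone. The same walk with “Use full DN” enabled only follows nesting where the parent group lists the child's full DN, which is the usual layout when the member attribute holds DNs rather than uids.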
Special features for connecting an Active Directory (AD) are described in this article.
A sample configuration follows: