Configuring LDAP
You can configure the Lightweight Directory Access Protocol (LDAP) settings any time after the initial library configuration.
The library supports all LDAP servers. You can also use Kerberos for added security. If you want to configure Kerberos, follow the LDAP configuration steps below, and also see Configuring Kerberos.
Before configuring LDAP, obtain the following LDAP parameters from your network administrator:
- Server URI — The Uniform Resource Identifier (URI) of the LDAP server where user account information is stored. The URI includes the LDAP server host name or IP address and can include the LDAP server network port. Port 389 is the default.
- Principal — An LDAP user login ID with permissions to search the LDAP directory. The library logs into LDAP using this ID.
- Password — The password for the principal authorization login ID.
- User DN — The Fully Qualified Distinguished Name that contains the users.
- Group DN — The Fully Qualified Distinguished Name that contains the groups.
- Library User Group — The name of the group on the LDAP server associated with library users who have user privileges (see Working With Local User Accounts for more information on privilege levels). This group must exist on your LDAP server (see LDAP Server Guidelines for more information).
- Library Admin Group — The name of the group on the LDAP server associated with library users who have administrator privileges (see Working With Local User Accounts for more information on privilege levels). This group must exist on your LDAP server (see LDAP Server Guidelines for more information).
NOTE: This operation should not be performed concurrently by multiple administrators logged in from different locations. You can access the appropriate screens, but you cannot apply changes while another administrator is performing the same operation.
You need administrator privileges to configure LDAP.
1. From the Setup menu, select User Management > Remote Authentication.
   The Setup - Remote Authentication screen displays.
2. Under Authentication Type, do one of the following:
   - To enable LDAP, select LDAP and continue with step 3.
   - To disable LDAP, select Local Only and continue with step 4.
   - To modify LDAP configuration settings, continue with step 3.
3. Enter LDAP configuration settings into the following text boxes:
   - Server URI
   - Principal
   - Password
   - Confirm Password
   - User DN
   - Group DN
   - Library User Group
   - Library Admin Group
4. Click Apply to apply any changes.
   The Progress Window displays. The Progress Window contains information on the action, elapsed time, and status of the requested operation. Do one of the following:
   - If Success displays in the Progress Window, the LDAP settings were successfully applied. Click Close to close the Progress Window. Do one of the following:
     - If you enabled LDAP or modified LDAP settings, continue with step 5.
     - If you disabled LDAP, continue with step 6.
   - If Failure displays in the Progress Window, the LDAP settings were not successfully applied. Follow the instructions listed in the Progress Window to resolve any issues that occurred during the operation.
5. To test all the new or changed LDAP settings, enter a user name and password and click Test Settings. The user you use for the test must be a member of both the Library User Group and the Library Admin Group on the LDAP server. You may need to create a special or temporary user specifically for this purpose.
   The Progress Window displays. The Progress Window contains information on the action, elapsed time, and status of the requested operation. Do one of the following:
   - If Success displays in the Progress Window, the LDAP Test was successful. Click Close to close the Progress Window. Continue to next step.
   - If Failure displays in the Progress Window, the LDAP Test failed. Follow the instructions listed in the Progress Window to resolve any issues that occurred during the operation.
6. Save the library configuration.
   For instructions on how to save the library configuration, see Saving the Configuration.
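The Test Settings step requires a user who belongs to both the Library User Group and the Library Admin Group. The following check is an added example, not part of the library documentation: it reads an LDIF export of the Group DN subtree (for instance the output of `ldapsearch -LLL`) and reports which of the two groups does not list the test user. The group names, DNs, the `cn=`/`uid=` naming and the membership attributes it inspects are assumptions about the directory layout, and the sample data is constructed.

```python
def norm_dn(dn):
    """Case- and space-insensitive DN form (simplified: no escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_ldif(text):
    """Parse plain LDIF into [{attr: [values]}]; base64 '::' values are skipped."""
    entries, cur, last = [], {}, None
    for line in text.splitlines() + [""]:
        if line.startswith(" "):                 # folded continuation line
            if last:
                cur[last][-1] += line[1:]
        elif not line.strip():                   # blank line closes an entry
            if cur:
                entries.append(cur)
            cur, last = {}, None
        else:
            attr, sep, value = line.partition(": ")
            keep = sep and not attr.endswith(":") and not attr.startswith("#")
            last = attr.lower() if keep else None
            if keep:
                cur.setdefault(last, []).append(value)
    return entries

def missing_groups(ldif, user, user_dn, group_dn, groups):
    """Return the configured groups that do not list the test user."""
    # Assumed layout (not from the page): cn=<group>,<Group DN> and uid=<user>,<User DN>.
    by_dn = {norm_dn(e.get("dn", [""])[0]): e for e in parse_ldif(ldif)}
    user_entry, missing = norm_dn(f"uid={user},{user_dn}"), []
    for group in groups:
        entry = by_dn.get(norm_dn(f"cn={group},{group_dn}"), {})
        dns = {norm_dn(m) for m in entry.get("member", []) + entry.get("uniquemember", [])}
        uids = {u.lower() for u in entry.get("memberuid", [])}
        if user_entry not in dns and user.lower() not in uids:
            missing.append(group)
    return missing

# Constructed sample export of the Group DN subtree (not real directory data).
SAMPLE_LDIF = """\
dn: cn=LibUsers,ou=Groups,dc=example,dc=com
member: uid=libtest,ou=People,dc=example,dc=com
member: uid=alice,ou=People,dc=example,dc=com

dn: cn=LibAdmins,ou=Groups,dc=example,dc=com
memberUid: bob
"""

if __name__ == "__main__":
    print(missing_groups(SAMPLE_LDIF, "libtest", "ou=People,dc=example,dc=com",
                         "ou=Groups,dc=example,dc=com", ["LibUsers", "LibAdmins"]))
```

An empty list means the account meets the membership requirement for the test. If the account was created only for the test, it still holds Library Admin Group membership afterwards, so remove or disable it once the test succeeds.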