Add LDAP Connections

Before you begin

Make sure you have a verified domain to use with this connection.

About this task

To add an LDAP connection to SOTI Identity:

Procedure

  1. In the SOTI Identity Admin Console, open the main menu and select Directories/IDP.
    You can also add an LDAP connection from the Users view. Click New Group/Directory and select LDAP Connection.
  2. Click New Directory in the upper right corner and select LDAP Connection to open the Configure LDAP dialog screen.
  3. Fill in the fields for the LDAP Settings section.
    LDAP Server Select the type of LDAP server from the drop-down list. The selected server type defines the default search attributes. Select one of the server types:
    • Active Directory: This directory service refers to Microsoft Active Directory (AD), which stores and organizes information about the users.
    • Domino: This LDAP directory service refers to IBM Domino Directory, which stores and organizes information about the users.
    • Open Directory: This LDAP directory service refers to Apple Open Directory, which stores and organizes information about the users.
    Name Enter the name of the LDAP connection. SOTI Identity checks the availability of the name within its system. Unavailable names are flagged and you cannot save the LDAP connection until it is updated.
    Domain Select a domain from the dropdown list.

    Domains control who can (or can't) log into a SOTI Identity account and its associated applications. Each LDAP connection is mapped to a domain.

    Only domains that are verified appear in this list.

    Server Enter the complete LDAP server address.
    Port The default port number for LDAP server connections is 389 (or 636 if you are using Secure Sockets Layer (SSL)). However, the port can be any value; it simply has to match the server's settings.
    Use SSL Select the Use SSL option to secure the LDAP communication over an SSL tunnel.
    Accept Untrusted Certificate Select this option to allow the SSL connection to use an untrusted certificate, which in most cases is a self-signed CA root certificate. Because the server certificate is then not validated, it is not recommended to enable this option in live environments.
    Authentication Type Select the authentication type necessary for connecting to the server. This should match the server's settings.
    • Anonymous: This indicates that the connection is made without passing credentials.
    • Basic: This indicates that the connection is made using basic authentication.
    • Negotiate: This indicates that the connection is made using Microsoft Windows Negotiate authentication.
    User Enter the username for binding to the LDAP server. This option is active when the authentication type is Basic or Negotiate.
    Password Enter the password of the binding user.
    Base DN Define the highest level of the LDAP search scope. The Base DN is the point from which the server searches for users. The top level of the LDAP directory tree is the base and is referred to as the Base DN or RootContainer. Base DNs that are unavailable in the SOTI Identity system are flagged and you cannot save the LDAP connection until it is updated.
    Referrals Control whether the LDAP connection can follow references to alternative locations where the LDAP request may be processed.

    Enable Follow Referrals to allow the binding server and the referral servers listed in the search response to be searched.

    Enable Follow Static Referrals to allow the binding server, the referral servers, and the servers in the static referral server list to be searched. Follow Referrals must be enabled to apply this setting.

  4. Optional: Choose a SOTI Cloud Link Agent from the dropdown list or click Manage to add a new SOTI Cloud Link Agent.
    A SOTI Cloud Link Agent is an on-premises component that securely extends LDAP to SOTI ONE cloud applications.

    To learn more about the SOTI Cloud Link Agent and how to configure it, read the SOTI Cloud Link Agent documentation.

  5. Fill in the fields for the General Attributes section.
    Authentication Search Pattern This provides a search string for fetching the LDAP users' authentication information.
    Group Search Pattern This provides a search string for fetching the LDAP users' group information.
    User Search Pattern This provides a search string for fetching the LDAP users' information.
    Account Name This refers to the keyword defining the search filter for fetching the account name.
  6. Fill in the fields of the Map User Attributes section.
    First Name This refers to the keyword defining the search filter for fetching the user's first name.
    Last Name This refers to the keyword defining the search filter for fetching the user's last name.
    Email This refers to the keyword defining the search filter for fetching the user's email address.
    Member of This refers to the keyword defining the search filter for fetching the user's group membership details.
  7. In the Map Additional User Attributes section, click to add additional user attributes. Enter a name for the user attribute and then select an attribute from the Mapped Attribute dropdown list.
  8. Click Configure to save your LDAP connection.
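
The following is an added example, not SOTI's own code or tooling: a pre-flight review of the LDAP Settings values from step 3 (port versus Use SSL, Accept Untrusted Certificate, authentication type and binding user, Base DN, referral options) so that a weak configuration is caught before it is entered in the console. The field names in the dictionaries and the sample values are constructed for the example.

```python
import re
from typing import Dict, List

# An RDN of the form attr=value; a Base DN is a comma-separated list of these.
RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^,=]+$")


def valid_base_dn(dn: str) -> bool:
    """Return True when the Base DN is a well-formed distinguished name."""
    parts = [p.strip() for p in dn.split(",")]
    return bool(dn) and all(RDN.match(p) for p in parts)


def review_ldap_settings(cfg: Dict) -> List[str]:
    """Return findings for the LDAP Settings section; an empty list means nothing to flag."""
    findings: List[str] = []
    use_ssl = bool(cfg.get("use_ssl", False))
    port = cfg.get("port", 636 if use_ssl else 389)
    # 389 and 636 are the defaults for plain and SSL; a mismatch usually means a typo.
    if (use_ssl and port == 389) or (not use_ssl and port == 636):
        findings.append(f"port {port} does not match the default for Use SSL={use_ssl}; confirm it matches the server")
    if cfg.get("accept_untrusted_certificate"):
        findings.append("Accept Untrusted Certificate is enabled: server certificate is not validated (not for live environments)")
    auth = cfg.get("authentication_type", "Anonymous")
    if auth == "Anonymous":
        findings.append("Anonymous bind: directory searches run without credentials")
    if auth in ("Basic", "Negotiate") and not cfg.get("user"):
        findings.append(f"{auth} authentication requires a binding User")
    if auth == "Basic" and not use_ssl:
        findings.append("Basic authentication without Use SSL sends the bind password in cleartext")
    if not valid_base_dn(cfg.get("base_dn", "")):
        findings.append("Base DN is not a valid distinguished name (expected e.g. OU=Users,DC=example,DC=com)")
    if cfg.get("follow_static_referrals") and not cfg.get("follow_referrals"):
        findings.append("Follow Static Referrals requires Follow Referrals to be enabled")
    return findings


# Constructed sample settings: a weak configuration beside its corrected form.
WEAK = {"ldap_server": "Active Directory", "port": 389, "use_ssl": False,
        "accept_untrusted_certificate": True, "authentication_type": "Basic",
        "user": "svc-soti", "base_dn": "example.com", "follow_static_referrals": True}
HARDENED = {"ldap_server": "Active Directory", "port": 636, "use_ssl": True,
            "accept_untrusted_certificate": False, "authentication_type": "Basic",
            "user": "svc-soti", "base_dn": "OU=Users,DC=example,DC=com",
            "follow_referrals": True, "follow_static_referrals": True}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, review_ldap_settings(cfg) or ["no findings"])
```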

Results

The new LDAP connection appears in the Directories List where you can update it at any time.