Configuring LDAP Access

Orchestrator can be configured with more than one Active Directory (LDAP) server; add each one with the procedure below.

  1. Click Accounts > Active Directory Setup > New Active Directory.
  2. In the Active Directory Service Details screen, add the following information:
    • Enter the Name and Description for the new Active Directory.
    • To enable the LDAP service, select Enable Directory Service.
    • In the Server field, enter the LDAP server fully qualified name or IP address.
    • In the Port field, enter the LDAP service port.
    • In the Treebase field, enter the base distinguished name.
    • In the Filter field, enter the attribute that Orchestrator matches against the login name: sAMAccountName for Windows Active Directory, or uid for a generic LDAP directory.
    • For Login Method, select Anonymous (Orchestrator binds without credentials, so the server must allow anonymous searches of the Treebase) or Login (Orchestrator binds with a login and password; use an account that can read the Treebase and has no other privileges). Active Directory rejects anonymous searches by default, so Login is normally required.
  3. Click Save. Orchestrator validates the settings by binding to the LDAP server with the Server, Port and Login credentials you entered.
    If validation succeeds, the following message appears:
    Active directory was successfully created. Successfully connected to Active Directory.
    If validation fails, an error message cites the specific reason for the failure and tells you how to retry:
    Connection to Active Directory failed: Reason for error. Active Directory has been disabled. Adjust your settings, click on Enable Directory Service, and save again to retest.
  4. Log in to Orchestrator with an LDAP username and password, without first creating the user in the Orchestrator GUI.
    The first time this login succeeds, Orchestrator automatically creates a user of type Active Directory User. To confirm, click Accounts > Users and check that Active Directory User appears in the Type column of the Listing Users screen.

    When a user logs in with a username and password, Orchestrator performs a bind, a search and a second bind. First, it connects to the LDAP server and binds with the credentials configured in the Active Directory Service Details screen (or anonymously, if that Login Method was selected). Then it searches the Treebase for an entry whose filter attribute from Step 2 equals the username entered (for example, uid=loginname). If a matching entry exists, it rebinds as that entry with the password the user entered; the login succeeds only if this second bind succeeds.
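The bind, search, rebind sequence above, as an added example that is not Orchestrator's own code. The FakeDirectory class stands in for the LDAP server, and the entries, distinguished names, service-account credentials and configuration values are constructed for the illustration. The example also does two things the description does not spell out and that any implementation of this flow needs: it escapes the login name before building the search filter (RFC 4515), so a name such as `*` or `alice)(uid=*` is matched literally rather than altering the filter, and it refuses an empty password before the second bind, because a simple bind with a DN and an empty password is an unauthenticated bind that some servers accept (RFC 4513).

```python
"""Bind, search, rebind LDAP login flow against an in-memory directory stand-in.

Added example, not Orchestrator code. FakeDirectory, the sample entries and the
service-account credentials below are constructed for this illustration.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional


def escape_filter_value(value: str) -> str:
    """Escape a login name before embedding it in a search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


class FakeDirectory:
    """Minimal LDAP server stand-in: simple bind plus single-attribute search."""

    def __init__(self, entries: Dict[str, Dict[str, str]], allow_anonymous: bool):
        self.entries = entries          # DN -> attributes (constructed sample data)
        self.allow_anonymous = allow_anonymous

    def bind(self, dn: Optional[str], password: str) -> bool:
        if dn is None:                  # anonymous bind (Login Method = Anonymous)
            return self.allow_anonymous
        entry = self.entries.get(dn)
        return entry is not None and password != "" and entry.get("userPassword") == password

    def search(self, base: str, filt: str) -> List[str]:
        """Return DNs under `base` matching a filter of the form (attr=pattern)."""
        m = re.fullmatch(r"\((\w+)=(.*)\)", filt)
        if not m:
            raise ValueError("unsupported filter: %r" % filt)
        attr, pattern = m.group(1), m.group(2)
        # Tokens are a \HH escape, a '*' wildcard, or a run of literal characters.
        regex = ""
        for tok in re.findall(r"\\[0-9a-fA-F]{2}|\*|[^\\*]+", pattern):
            if tok == "*":
                regex += ".*"
            elif tok.startswith("\\"):
                regex += re.escape(chr(int(tok[1:], 16)))
            else:
                regex += re.escape(tok)
        return [dn for dn, attrs in self.entries.items()
                if dn.endswith("," + base) and attr in attrs
                and re.fullmatch(regex, attrs[attr])]


@dataclass
class DirectoryServiceConfig:
    """The Active Directory Service Details fields that the login flow uses."""
    treebase: str
    filter_attr: str                # "sAMAccountName" for AD, "uid" for generic LDAP
    login_dn: Optional[str]         # None models Login Method = Anonymous
    login_password: str = ""


def authenticate(server: FakeDirectory, cfg: DirectoryServiceConfig,
                 username: str, password: str) -> Optional[str]:
    """Return the DN of the authenticated user, or None if the login fails."""
    if password == "":
        # RFC 4513 s5.1.2: a DN with an empty password is an *unauthenticated*
        # bind, which some servers accept. Refuse it here, not on the server.
        return None
    # 1. Bind with the configured login credentials (or anonymously).
    if not server.bind(cfg.login_dn, cfg.login_password):
        return None
    # 2. Search the Treebase for the entry whose filter attribute equals the login name.
    matches = server.search(cfg.treebase,
                            "(%s=%s)" % (cfg.filter_attr, escape_filter_value(username)))
    if len(matches) != 1:           # no entry, or an ambiguous one: do not guess
        return None
    # 3. Rebind as that entry with the password the user typed.
    return matches[0] if server.bind(matches[0], password) else None


# Constructed sample directory and configuration for the demonstration.
SAMPLE_DIRECTORY = FakeDirectory(
    entries={
        "cn=svc-orchestrator,ou=service,dc=example,dc=com": {"userPassword": "svc-secret"},
        "cn=Alice,ou=people,dc=example,dc=com": {"uid": "alice", "userPassword": "alice-pw"},
        "cn=Bob,ou=people,dc=example,dc=com": {"uid": "bob", "userPassword": "bob-pw"},
    },
    allow_anonymous=False,
)
CONFIG = DirectoryServiceConfig(
    treebase="dc=example,dc=com",
    filter_attr="uid",
    login_dn="cn=svc-orchestrator,ou=service,dc=example,dc=com",
    login_password="svc-secret",
)

if __name__ == "__main__":
    for user, pw in [("alice", "alice-pw"), ("alice", "wrong"), ("*", "alice-pw"), ("alice", "")]:
        print("%-14r %-10r -> %r" % (user, pw, authenticate(SAMPLE_DIRECTORY, CONFIG, user, pw)))
```

With a real client library the three calls map one-to-one onto a bind with the configured login, a subtree search under the Treebase, and a second bind as the returned DN; the escaping and the empty-password check belong in the client regardless of which library performs the calls. Selecting Anonymous against a directory that does not allow anonymous searches fails at the first bind, which is the same failure the Save validation in Step 3 reports.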