URL
- ldap://example.com:389 -- a verified encrypted (TLS) connection;
- ldaps://example.com:636 -- an SSL connection.
Filter
- dc=example,dc=com??sub?(&(ou=mathematicians)(uniqueMember=uid=%s,dc=example,dc=com)) --
may be empty; ePortal uses this filter to run a search after the LDAP bind
(if the result is not empty, the user is authorized).
Connection string (DN template)
- uid=%s,dc=example,dc=com -- must contain login placeholder (`%s`).
Use the URL to adjust security and timeout parameters
- strict_check=0 -- to disable strict certificate check (enabled by default);
- tls=0 -- to disable TLS (enabled by default);
- timeout=30 (5 by default).
URL with security parameters: ldap://example.com?strict_check=0&timeout=30&tls=0
Example of LDAP access configuration
Here is a test LDAP server.
To give any user access, provide the URL and connection string:
URL: ldap://ldap.forumsys.com
connection string: uid=%s,dc=example,dc=com
To give access only to users from the "mathematicians" OU, provide the URL, filter and connection string:
URL: ldap://ldap.forumsys.com
filter: dc=example,dc=com??sub?(&(ou=mathematicians)(uniqueMember=uid=%s,dc=example,dc=com))
connection string: uid=%s,dc=example,dc=com
With the filter above, access is limited to users in the "mathematicians" OU by searching for an entry that:
- is under the base "dc=example,dc=com",
- is the "mathematicians" organizational unit,
- contains a "uniqueMember" property with the DN of the corresponding user.
Note that you can use "%s" in both the connection string and the filter as a placeholder for the user login.
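How the "%s" placeholder expands in the connection string and the filter, as an added Python example that is not ePortal code. The helper names are hypothetical, and the escaping follows RFC 4514 (DN) and RFC 4515 (filter), which the page does not say ePortal applies.

```python
# Added illustration, not ePortal code; all function names are hypothetical.
DN_SPECIAL = ',+"\\<>;='
FILTER_ESC = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_dn_value(value: str) -> str:
    """Escape a value for use inside a DN (RFC 4514)."""
    out = []
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in DN_SPECIAL or (ch == "#" and i == 0) \
                or (ch == " " and i in (0, len(value) - 1)):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside a search filter assertion (RFC 4515)."""
    return "".join(FILTER_ESC.get(ch, ch) for ch in value)


def expand(login: str, dn_template: str, filter_setting: str = ""):
    """Return (bind_dn, search) for one login; search is None if no filter is set."""
    if not login:
        raise ValueError("empty login")
    if "%s" not in dn_template:
        raise ValueError("connection string must contain %s")
    dn_login = escape_dn_value(login)
    bind_dn = dn_template.replace("%s", dn_login)
    if not filter_setting:
        return bind_dn, None
    # The filter setting has the shape base?attributes?scope?filter (RFC 4516).
    base, _attrs, scope, flt = (filter_setting.split("?", 3) + [""] * 3)[:4]
    # In the page's filter the login sits inside a DN that is itself a filter
    # value, so it is DN-escaped first and filter-escaped second.
    flt = flt.replace("%s", escape_filter_value(dn_login))
    return bind_dn, {"base": base, "scope": scope or "base", "filter": flt}


if __name__ == "__main__":
    TEMPLATE = "uid=%s,dc=example,dc=com"
    FILTER = ("dc=example,dc=com??sub?"
              "(&(ou=mathematicians)(uniqueMember=uid=%s,dc=example,dc=com))")
    for login in ("euler", "ga,uss*"):  # second login is constructed input
        print(expand(login, TEMPLATE, FILTER))
```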
Each LDAP implementation has its own peculiarities,
so we cannot provide any specific information about LDAP URL configuration:
it depends entirely on the exact LDAP server configuration.
For more information, please see The LDAP URL Format RFC.
If you have problems configuring your LDAP access,
please contact our support.