Before initiating the configuration process, your LDAP administrator must complete the following two steps:
Step 1: Create Klera User Group
- Create a User Group in Active Directory Server (ADS).
- Add the users who should have access to Klera to this group. Only members of this group will be synced, so membership in it is the access control point for Klera.
Step 2: Gather the following LDAP attribute details
- Server Host Name: ADS hostname or IP address (e.g. org.com).
- Directory Server Type: Type of LDAP directory to be connected (e.g. Microsoft Active Directory, OpenDS or Custom).
- Security Mode: ADS security protocol (SSL or non-SSL). Prefer SSL: in non-SSL mode the search user's password and all synced attributes cross the network in cleartext.
Note: If ADS is hosted on SSL, the ADS admin needs to provide a Trusted Certificate. This certificate will be installed on the Klera server. Refer to the Readme.txt file available at "<Installation Directory>\Klera\Klera\Tools\InstallADSCertificateToKlera", for example: C:\Program Files\Klera\Klera\Tools\InstallADSCertificateToKlera
- Server Port: Port number of the ADS.
- Base DN: Base DN for searching the users in ADS (e.g. DC=org,DC=com).
- User DN: Distinguished Name of a user who has permission to search (read-only) the LDAP directory (e.g. CN=Test User,OU=KleraUsers,DC=org,DC=com). Use a dedicated service account with read-only rights for this; it should not be a domain administrator account.
- Password: Password of the user with search permissions.
- Additional User DN: This value is used in addition to the base DN when searching and loading users (e.g. ou=Users,DC=com). If no value is supplied, the subtree search will start from the base DN.
- Additional Group DN: This value is used in addition to the base DN when searching and loading groups. If no value is supplied, groups will not get synced.
Note: If no value is supplied for Additional User DN, the subtree search will start from the base DN. In a large directory this can cause performance issues while syncing users and groups, so scope both values as narrowly as possible.
LDAP Server Schema (User and group schema)
- Directory Server Name: LDAP server name.
- User Object Class: Class name used for the LDAP user object (e.g. user).
- User Object Filter: Filter that selects which users get synced. It should restrict the sync to members of the Klera user group created in Step 1 (e.g. if your LDAP administrator created the group "KleraUG", your filter will be: memberof=CN=KleraUG,OU=OnMail,DC=org,DC=com. This filter fetches all users of the "KleraUG" group in Active Directory Server. In standard LDAP filter syntax the object class and the membership condition are combined as (&(objectClass=user)(memberOf=CN=KleraUG,OU=OnMail,DC=org,DC=com)).)
- User Name Attribute: The attribute field to be used while loading the username (e.g. cn or sAMAccountName).
- User First Name Attribute: The attribute field to be used while loading the user's first name (e.g. givenName).
- User Last Name Attribute: The attribute field to be used while loading the user's last name (e.g. sn).
- User Email Attribute: The attribute field to be used while loading the user's email address (e.g. mail).
- Group Object Class: The class name used for the LDAP group object (e.g. groupOfUniqueNames, or group for Active Directory).
- Group Object Filter: Group Object filters are used to control the groups that will be imported into Klera from ADS (e.g. OU=OnMail,DC=org,DC=com, which imports all the groups that come under the organizational unit "OnMail").
- Group Name Attribute: The attribute field to be used while loading the group name (e.g. cn).
- Group Members Attribute: The attribute field to be used while loading the group members (e.g. member).
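As an added check before entering the values above into Klera (this is example code, not part of the Klera documentation or product), the following Python builds the User Object Filter from the Step 1 group DN with RFC 4515 escaping, parses the DNs from Step 2 per RFC 4514, and flags the settings a practitioner usually gets wrong: SSL mode on the plaintext port, non-SSL mode, an empty Additional Group DN, and a User DN that lies outside the Base DN. The `LdapSettings` class, `check_settings` and the sample values are the example's own assumptions; the ports 389 and 636 are the standard LDAP and LDAPS ports, and the page does not state which port Klera expects.

```python
"""Sanity-check the LDAP values gathered in Step 2 before configuring Klera (added example)."""
from dataclasses import dataclass
from typing import List, Tuple

LDAP_PORT, LDAPS_PORT = 389, 636  # standard ports for LDAP and LDAP over TLS (assumed, not from the page)


@dataclass
class LdapSettings:              # hypothetical container mirroring the Klera form fields
    host: str
    port: int
    security_mode: str           # "SSL" or "non-SSL", as on the Klera form
    base_dn: str
    user_dn: str
    additional_user_dn: str = ""
    additional_group_dn: str = ""
    user_object_class: str = "user"
    group_dn: str = ""           # DN of the Klera user group created in Step 1


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping so a value embedded in a search filter cannot be read as filter syntax."""
    special = {"\\", "*", "(", ")", "\x00"}
    return "".join("\\%02x" % ord(c) if c in special else c for c in value)


def build_user_filter(user_object_class: str, group_dn: str) -> str:
    """User Object Filter: objects of the user class that are members of the Klera group."""
    return "(&(objectClass=%s)(memberOf=%s))" % (
        escape_filter_value(user_object_class), escape_filter_value(group_dn))


def parse_dn(dn: str) -> List[Tuple[str, str]]:
    """Split a DN into (attribute, value) RDNs, honouring backslash escapes (RFC 4514).
    Raises ValueError for a component without '='."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):   # escaped character, keep it with the escape
            cur.append(dn[i:i + 2]); i += 2; continue
        if dn[i] == ",":
            rdns.append("".join(cur)); cur = []
        else:
            cur.append(dn[i])
        i += 1
    rdns.append("".join(cur))
    out = []
    for rdn in rdns:
        if "=" not in rdn:
            raise ValueError("RDN without '=': %r" % rdn)
        attr, value = rdn.split("=", 1)
        out.append((attr.strip().upper(), value.strip()))
    return out


def is_under(dn: str, base: str) -> bool:
    """True if dn lies in the subtree rooted at base (attribute names and values compared case-insensitively)."""
    d = [(a, v.lower()) for a, v in parse_dn(dn)]
    b = [(a, v.lower()) for a, v in parse_dn(base)]
    return len(d) >= len(b) and d[-len(b):] == b


def check_settings(s: LdapSettings) -> List[str]:
    """Return human-readable warnings; an empty list means nothing obvious is wrong."""
    warnings = []
    for name, dn in (("Base DN", s.base_dn), ("User DN", s.user_dn)):
        try:
            parse_dn(dn)
        except ValueError as e:
            warnings.append("%s is not a valid DN: %s" % (name, e))
    if s.security_mode.upper() == "SSL" and s.port == LDAP_PORT:
        warnings.append("Security Mode is SSL but port %d is the plaintext LDAP port; LDAPS normally uses %d"
                        % (LDAP_PORT, LDAPS_PORT))
    if s.security_mode.upper() != "SSL":
        warnings.append("non-SSL mode: the search user's password will cross the network in cleartext")
    if not s.additional_group_dn:
        warnings.append("Additional Group DN is empty: groups will not be synced")
    if not s.additional_user_dn:
        warnings.append("Additional User DN is empty: user search starts at the Base DN, which is slow on large directories")
    try:
        if not is_under(s.user_dn, s.base_dn):
            warnings.append("User DN is outside the Base DN subtree")
    except ValueError:
        pass  # already reported above
    return warnings


def example() -> List[str]:
    """Constructed sample matching the page's examples; returns the warnings for it."""
    s = LdapSettings(host="org.com", port=LDAP_PORT, security_mode="SSL",
                     base_dn="DC=org,DC=com",
                     user_dn="CN=Test User,OU=KleraUsers,DC=org,DC=com",
                     additional_user_dn="OU=KleraUsers", additional_group_dn="OU=OnMail",
                     group_dn="CN=KleraUG,OU=OnMail,DC=org,DC=com")
    print(build_user_filter(s.user_object_class, s.group_dn))
    return check_settings(s)


if __name__ == "__main__":
    for w in example():
        print("WARNING:", w)
```

Run it before the first sync; fix every warning except the ones you have consciously accepted. The escaping in `build_user_filter` matters if the group name or OU ever contains `(`, `)` or `*`, which would otherwise change the meaning of the filter.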