LDAP Connection String (Magic xpa 2.x)
When a user binds to an LDAP server (System Logon = LDAP), a Distinguished Name (DN) and password are sent. The LDAP Connection String is used to specify the user's DN, which is a unique entry identifier in the LDAP server database, for example: CN=John, OU=users, DC=mycompany, DC=com.
You can use the $USER$ string as an alias for the user name entered in the Logon screen or the user name value returned by the Logon function, for example: CN=$USER$, OU=users, DC=mycompany, DC=com.
The $USER$ string is automatically replaced by the user name. The password entered in the Logon screen or the password value returned by the Logon function will be used for authentication as well.
You can also use the user@domain convention by specifying the LDAP connection string using the following format: $USER$@domain
This method can be used with LDAP servers that support binding using the user@domain convention.
The user@domain convention can be used together with the user's DN by specifying both of them with the ~~ characters as a separator, for example: $USER$@domain.com~~CN=user, OU=users, DC=mycompany, DC=com.
You can choose to define two secret names, LDAP_USER and LDAP_PASS, for the user name and password. In that case the user is authenticated against the LDAP server without using the Logon screen or the Logon function: the $USER$ alias in the LDAP Connection String is substituted with the value of the LDAP_USER secret name, and the value of the LDAP_PASS secret name is used as the password.
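The substitution described above, modelled as an added example (not Magic xpa code, and not a statement of how Magic xpa treats special characters): the string is split on ~~, $USER$ is replaced in each part, and the user name is escaped per RFC 4514 before it goes into a DN so that it cannot add or change DN components. The function names and the character policy for the user@domain form are assumptions of this example.

```python
import re

# RFC 4514 section 2.4: characters that must be escaped in a DN attribute value.
_DN_SPECIAL = set('"+,;<>\\')


def escape_dn_value(value: str) -> str:
    """Escape a string so it stays one attribute value inside a DN."""
    out = []
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in _DN_SPECIAL:
            out.append("\\" + ch)
        elif ch == "#" and i == 0:
            out.append("\\#")
        elif ch == " " and i in (0, len(value) - 1):
            out.append("\\ ")
        else:
            out.append(ch)
    return "".join(out)


def expand_connection_string(conn: str, user: str) -> list[str]:
    """Split on '~~' and replace $USER$ in each part with the logon user name."""
    if not user:
        raise ValueError("empty user name")
    identities = []
    for part in (p.strip() for p in conn.split("~~")):
        if "=" in part.replace("$USER$", ""):
            # DN form: escape so the name cannot add or alter DN components.
            identities.append(part.replace("$USER$", escape_dn_value(user)))
        else:
            # user@domain form: assumed policy, accept only simple account names.
            if not re.fullmatch(r"[A-Za-z0-9._-]+", user):
                raise ValueError("user name not valid for user@domain binding")
            identities.append(part.replace("$USER$", user))
    return identities


if __name__ == "__main__":
    # Constructed sample values, using the formats shown on this page.
    dn_only = "CN=$USER$, OU=users, DC=mycompany, DC=com"
    both = "$USER$@domain.com~~" + dn_only
    print(expand_connection_string(both, "john"))
    print(expand_connection_string(dn_only, "john, OU=admins"))
```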
Note:
- The credentials are passed to the LDAP server as clear-text.
- When using the $USER$ convention, it is important not to have a logical name with the name of USER.
Change Effective: Immediate
Magic.ini and Command Line Name: LdapConnectionString
LDAP Authentication