LDAP authentication
The Lightweight Directory Access Protocol (LDAP) is a protocol for querying and modifying the information held by directory services (a hierarchical database distributed across the network). It handles the communication between the LDAP client and the directory (directory server). Normally, a WICE user login is authenticated using the WICE username and WICE password, and the passwords are stored in the WICE administration. With LDAP authentication, however, you can move password management to an LDAP server (slapd by OpenLDAP).
OpenLDAP is a free software implementation of the LDAP protocol. It is part of most current Linux distributions.
Hint: Running an LDAP service for authentication on the WICE server at the same time as the WICE LDAP connector requires professional knowledge of slapd configuration. We recommend not running the LDAP authentication service on the WICE server itself, but on another server.
If you are using LDAP authentication, the name of the user account in WICE (not the assigned employee) and the LDAP server name must be the same. All login-related features, such as expiration of accounts, disabled accounts, forcing new passwords, and entering new passwords in the profile, are ineffective in LDAP authentication mode. Only the restriction of user accounts to certain IP addresses remains in effect.