LDAP authentication



The Lightweight Directory Access Protocol (LDAP) is a protocol for querying and modifying the information held in directory services (hierarchical databases distributed across the network). It handles the communication between the so-called LDAP client and the directory (directory server). Normally, a WICE user login is authenticated using the WICE username and WICE password. The passwords are stored in the WICE administration. With LDAP authentication, however, you can move password management to an LDAP server (slapd by OpenLDAP).

OpenLDAP is a free-software implementation of the LDAP protocol. OpenLDAP is part of most current Linux distributions.


Hint:

Please note: operating an LDAP service for authentication on the WICE server simultaneously with the WICE LDAP connector requires professional knowledge of slapd configuration. We recommend not running an LDAP authentication service on the WICE server itself, but on another server.



Screenshot: Input mask for the LDAP configuration

If you are using LDAP authentication, the name of the user account in WICE (not the assigned employee) and the LDAP server name must be the same. All login-related features, such as expiration of accounts, disabled accounts, forcing new passwords, entering new passwords in the profile, etc., are ineffective in LDAP authentication mode. Only the restriction of user accounts to certain IP addresses remains in effect.