Enabling and Configuring LDAP

Trey Duskin -

LDAP is a protocol used for communication with directory services such as Active Directory and OpenLDAP. LDAP integration will enable users connecting to an NFS share to be mapped to their global user and group IDs in your organization's directory.

To enable LDAP and configure it for your SwiftStack Gateway, go to the “Manage Gateway” page and click on the LDAP tab. Check the “Ldap Enabled” box and new options will appear.

 

To configure LDAP, provide the following information:

Ldap server list: Enter the IP address of the LDAP server. If there is more than one LDAP server IP address, separate them with commas.

 

Ldap server port: The standard LDAP port is 389. If your organization uses a non-standard port number to connect to your LDAP servers, please replace the default with the correct number.

 

Ldap version: The default LDAP version is 3. If you wish to use version 2, you can select it instead.

 

Ldap base dn: Enter the base Distinguished Name (DN) that will be used for LDAP user searches. Example: dc=example,dc=com

 

Ldap bind dn: The bind DN is the user on the LDAP server permitted to search the LDAP directory.

Example: cn=admin1,ou=Users,dc=example,dc=com

 

Ldap bind password: Enter the password for the bind DN (LDAP user).

 

Ldap scope: This field allows you to set how far down the LDAP tree to search for a user. There are three scope levels that can be selected from the drop-down menu:

  • subtree: Search all entries at or below the base DN in the LDAP tree

  • one-level: Search all entries of the LDAP tree exactly one level below the base DN, but not including the base DN.

  • base: Only search the base level of the LDAP tree
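
The effect of each scope on which entries a user search can reach, as an added example (not SwiftStack code): a small Python model over a constructed directory tree. The entry names and the helper functions parse_dn, in_scope and search are assumptions made for illustration.

```python
# Added example: models the three "Ldap scope" choices over a constructed tree.
# Simplification: DNs are split on plain commas (escaped commas are not handled).

def parse_dn(dn):
    """Normalize a DN into a tuple of lowercase RDNs, leaf first."""
    return tuple(rdn.strip().lower() for rdn in dn.split(",") if rdn.strip())

def in_scope(entry_dn, base_dn, scope):
    """Return True if entry_dn is visible to a search at base_dn with scope."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    # An entry is at or below the base when the base is a suffix of its DN.
    if len(entry) < len(base) or entry[len(entry) - len(base):] != base:
        return False
    depth = len(entry) - len(base)  # 0 means the base entry itself
    if scope == "subtree":
        return True
    if scope == "one-level":
        return depth == 1
    if scope == "base":
        return depth == 0
    raise ValueError("unknown scope: %r" % scope)

def search(directory, base_dn, scope):
    """List the DNs in directory that a search with this scope can return."""
    return [dn for dn in directory if in_scope(dn, base_dn, scope)]

# Constructed sample directory (not from any real deployment).
DIRECTORY = [
    "dc=example,dc=com",
    "ou=Users,dc=example,dc=com",
    "ou=Groups,dc=example,dc=com",
    "cn=admin1,ou=Users,dc=example,dc=com",
    "uid=alice,ou=Users,dc=example,dc=com",
    "uid=bob,ou=Contractors,ou=Users,dc=example,dc=com",
]

if __name__ == "__main__":
    for base in ("dc=example,dc=com", "ou=Users,dc=example,dc=com"):
        for scope in ("subtree", "one-level", "base"):
            print(base, scope, search(DIRECTORY, base, scope))
```

In this model, a one-level search from dc=example,dc=com returns only the two organizational units, so users stored under ou=Users are found only if the base DN points at that container or the scope is subtree.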

 

Ldap timeout: Set to a default of 5, this timeout is the number of seconds allowed for a search when an LDAP user attempts to connect to the gateway.

 

Ldap bind timeout: Set to a default of 5 seconds, this timeout is for attempting to bind to an LDAP server.

 

Ldap referrals: This option is deprecated and will be removed in a future release.

 

Ldap group lookups: Check this box if your LDAP directory is structured to support group permissions. When using group lookups, only LDAP users who are members of the defined group may access Swift.


Once LDAP is enabled and configured, click the Submit button. After you deploy this new configuration, users will be able to connect to your Gateway using LDAP authentication.
