The LDAP authentication client allows for authentication against an LDAP source. If authenticating against Active Directory, Windows Authentication or SAML with ADFS should be used instead. Use of this plugin with Active Directory is unsupported.
LDAP authentication is an extensible plugin in Telligent Community Server.
To configure the plugin:
- Navigate to Management > Administration > Authentication > Authentication methods.
- Click LDAP Authentication Client. The LDAP Authentication Client window appears.
- Click the Enabled check box.
- Enter the following required and optional information or make the following selections:
  - Check the Allow automatic registration for new users check box. Authenticated users who don't currently have an account in the community will have one created automatically. This box must be checked for the "Send new users a welcome email," "LDAP Email address attribute name," and "Default email domain for new users" settings to take effect.
  - Profile refresh interval - Defaults to 7 days. If profile syncing is being used, this is the number of days to wait between checks for updated profile values.
  - LDAP Server - The IP address of the LDAP server.
  - LDAP port - This field is already populated with the default, 389. Change the port number if you are using a different one.
  - Base DN - Enter the base DN for the LDAP server, using placeholders. The available placeholders are {0} for the value the user enters into the username field on the LDAP - Login widget and {1} for the value the user enters into the domain field on the LDAP - Login widget, if enabled.
  - User DN - Enter the user DN, using placeholders. The available placeholders are {0} for the value the user enters into the username field on the LDAP - Login widget and {1} for the value the user enters into the domain field on the LDAP - Login widget, if enabled.
  - LDAP Email address attribute name - The name of the attribute (such as mail) on the LDAP object containing the email address for users if "Allow automatic registration for new users" is enabled.
  - Default email domain for new users - A default domain for email addresses (such as example.com) for new users if "Allow automatic registration for new users" is checked and the email domain can't be found in the LDAP object.
  - LDAP authentication type - Choose:
    - Simple - Using a clear-text password.
    - Secure - No identifying name specified.
    - LDAP over SSL.
    - Active Directory Authentication - Unsupported, do not use.
- Click Save.
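
How the {0} and {1} placeholders in the Base DN and User DN fields expand into a distinguished name, as an added Python illustration that is not Telligent's code. The template, sample inputs and function names are hypothetical, and it assumes each entered value is escaped per RFC 4514 before substitution so that it stays a single attribute value.

```python
# Added illustration (not Telligent's code): expanding a DN template that uses
# the {0} (username) and {1} (domain) placeholders from the plugin settings.
# The template and the sample inputs below are constructed for the example.

USER_DN_TEMPLATE = "uid={0},ou=people,dc={1},dc=com"  # hypothetical value


def escape_dn_value(value: str) -> str:
    """Escape a string for use as an attribute value in a DN (RFC 4514)."""
    if not value:
        return value
    out = []
    for ch in value:
        if ch in '"+,;<>\\':
            out.append("\\" + ch)      # special characters get a backslash
        elif ch == "\x00":
            out.append("\\00")         # NUL is written as a hex pair
        else:
            out.append(ch)
    if out[0] in (" ", "#"):           # leading space or '#'
        out[0] = "\\" + out[0]
    if out[-1] == " ":                 # trailing space
        out[-1] = "\\ "
    return "".join(out)


def expand_dn_template(template: str, username: str, domain: str = "") -> str:
    """Substitute {0} and {1} after escaping both user-entered values."""
    return template.format(escape_dn_value(username), escape_dn_value(domain))


def count_rdns(dn: str) -> int:
    """Count RDNs by counting commas that are not backslash-escaped."""
    count, i = 1, 0
    while i < len(dn):
        if dn[i] == "\\":
            i += 2                     # skip the escaped character
            continue
        if dn[i] == ",":
            count += 1
        i += 1
    return count


if __name__ == "__main__":
    for user in ("jsmith", "smith, john"):
        dn = expand_dn_template(USER_DN_TEMPLATE, user, "example")
        print(f"{user!r:15} -> {dn}  ({count_rdns(dn)} RDNs)")
```

With escaping, both sample inputs produce a four-RDN DN; substituting "smith, john" unescaped would produce five, which changes where the directory looks for the entry.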