Configuring authentication through LDAP
To establish interoperability between the device and a Lightweight Directory Access Protocol (LDAP) server and to assign the Observer role to LDAP users, you must configure authentication through LDAP.
To configure LDAP authentication
- On the Administration page of the , click Accounts and LDAP management and select the LDAP settings view.
- In the Directory Server section, add information specific to your LDAP server:
- In the Host box, enter the name of the server where the LDAP directory resides.
- In the Port box, enter the TCP port of the host server (indicated in the Host box). The standard port for LDAP is port 389 for non-SSL connections and 636 for SSL connections.
- From the Authentication list, select the authentication method for the system to use: Simple (username & password) or Anonymous.
- If you selected simple authentication, continue with the following steps; otherwise, skip to step 3:
- In the Search username (bind DN) box, enter the name of the user account permitted to search the LDAP directory within the defined search base. Use the DN format — for example, cn=administrator,cn=Users,dc=domain,dc=com.
- In the Password box, enter the password for the account on the directory server that corresponds to the user account in the Search User Name (bind DN) box.
- In the Connection security level list, select the type of communication: Non-Secure or LDAPS (Secure LDAP, also known as LDAP over SSL).
- (Optional) If you selected LDAPS in the Connection security level list, select Allow SSL connection to LDAP server using self-signed certificate unless your organization requires an X.509 certificate (also known as an SSL certificate) purchased from a commercial Certificate Authority (CA).
- In the Connection timeout box, specify the length of time that the system waits before it declares an error on the connection.
- (Optional) Click Test Server.
A message indicates success or failure because of errors.
- Click Save.
Users authenticated through LDAP acquire Observer role access rights. For LDAP users to acquire accounts that are associated with the roles mapped to their LDAP group, you must configure authorization through LDAP.
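The settings in this procedure can be reviewed before they are entered. The following Python check is an added example, not part of the product: the dictionary keys and the `check_ldap_settings` and `valid_dn` names are assumptions made for illustration, and the sample values are constructed. It flags a Search username that is not in DN format, a port that does not match the selected connection security level, and simple authentication over a Non-Secure connection.

```python
import re

# Split on commas that are not backslash-escaped (RFC 4514 escaping).
_RDN_SPLIT = re.compile(r'(?<!\\),')
# One component: attribute type (name or dotted OID), '=', non-empty value.
_RDN = re.compile(r'^\s*[A-Za-z0-9][A-Za-z0-9.-]*\s*=\s*\S.*$')

def valid_dn(dn):
    """True if every comma-separated component looks like attr=value."""
    parts = _RDN_SPLIT.split(dn)
    return bool(dn.strip()) and all(_RDN.match(p) for p in parts)

def check_ldap_settings(s):
    """Return a list of (severity, message) findings for one settings dict."""
    findings = []
    secure = s["security"] == "LDAPS"
    if not s.get("host"):
        findings.append(("error", "Host is empty"))
    if not 1 <= s["port"] <= 65535:
        findings.append(("error", "Port is outside 1-65535"))
    elif secure and s["port"] == 389:
        findings.append(("warn", "LDAPS selected but port 389 is the non-SSL default"))
    elif not secure and s["port"] == 636:
        findings.append(("warn", "Non-Secure selected but port 636 is the SSL default"))
    if s["authentication"] == "Simple":
        if not valid_dn(s.get("bind_dn", "")):
            findings.append(("error", "Search username is not in DN format"))
        if not s.get("password"):
            findings.append(("error", "Password is empty for simple authentication"))
        if not secure:
            findings.append(("warn", "Simple bind over Non-Secure sends the password unencrypted"))
    if secure and s.get("allow_self_signed"):
        findings.append(("info", "Self-signed certificates accepted; confirm the server certificate out of band"))
    if s.get("timeout", 0) <= 0:
        findings.append(("error", "Connection timeout must be positive"))
    return findings

# Constructed sample values (hypothetical host), not taken from a real deployment.
SAMPLE = {
    "host": "ldap.example.com", "port": 389,
    "authentication": "Simple",
    "bind_dn": "cn=administrator,cn=Users,dc=domain,dc=com",
    "password": "placeholder", "security": "Non-Secure",
    "allow_self_signed": False, "timeout": 10,
}

if __name__ == "__main__":
    for severity, message in check_ldap_settings(SAMPLE):
        print(f"{severity}: {message}")
```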