Open LDAP
Open LDAP Identity Service
Open Lightweight Directory Access Protocol (LDAP/LDAPS) is an open-source application protocol that is used for single sign-on (SSO) where a user's password is shared among various apps. The following LDAP protocols are supported:
- LDAP without SSL - Credentials are not encrypted before sending them for authentication.
- LDAPS (with SSL) - Credentials are encrypted before sending them for authentication.
To bind a connection to an Open LDAP server, you must provide the details supplied during the Active Directory LDAP configuration and the following information:
- Bind credentials (bind username and bind password)
- Log-in attribute, federation ID, and object class
To create an open LDAP authentication, follow these steps:
- Under the Identity service designer page, type a name for the service in the Enter Service Name text box.
- From the Type of Identity list, select Open LDAP.
- Under Configure Open LDAP, provide the following details:
- In the Domain Name text field, enter a name.
- In the Ldap URL field, enter the fully qualified LDAP URL. For example: ldap://myldapserver.com:389
The default port number is 389. You can change the port, if required.
For example:
- The following URLs are the same and valid: ldap://myldapserver.com:389 and ldap://myldapserver.com.
- The following URLs are not valid: ldap://myldapserver.com:512 and ldap://myldapserver.com.
- In the Root Domain field, enter the distinguished root domain name. For example: dc=mycompany,dc=com
Note: An OpenLDAP administrator can provide you with details such as dc, uid, OU, objectClass, and the login attribute.
- In the Bind Username field, enter the bind username. For example: uid=user,dc=mycompany,dc=com
- In the Bind Password field, enter the bind password.
- In the Login Attribute field, enter the log-in attribute.
- In the Federation ID field, enter the unique identifier of Active Directory.
- In the Object Class field, specify the objectClass for the search filter during authentication.
- After entering the above details, click the Test Login button to verify the credentials. The Test Login dialog appears.
- Enter the User ID and Password for the back-end service.
- Click Sign In.
The test results are displayed in the Identity Response dialog.
- Click Advanced to provide additional configuration of your service definition:
- You can enable or disable the integrity check for an identity service at the provider level. If the integrity check is disabled at the provider level, then the provider is meant for server-to-server communication only. To disable the integrity check, in Advanced, select the Restrict to Foundry Server to Server Authentication check box. This setting blocks a traditional client app from using an identity service. It only allows the identity service to be used from a Volt MX Foundry Server to authenticate and invoke services.
- Concurrent User Logins: Select one of the following three options to configure concurrent user login sessions. For more information, refer to Concurrent User Logins.
- Allow concurrent user sessions (no restrictions): When this option is selected, an app user with unique credentials is allowed to have multiple apps from different instances.
- Allow only one active user session per app: Logging into simultaneous instances of the same app is not supported. When this option is selected, an app user can log in to only one instance of client apps linked to a specific Foundry app which has the identity service linked.
- Allow only one active user session across all apps: Logging in to simultaneous instances of the same app or across apps is not supported. When this option is selected, a unique app user can log in to only one instance of client apps linked to all Foundry apps using the identity service.
Important: Apps enabled for SSO will not work if the Allow only one active user session across all apps option is selected.
- Click Save to save the service. The system displays the Identity page. The new identity service is created for your app.
Note: You can view the service in the Data Panel feature of Volt MX Iris. By using the Data Panel, you can link back-end data services to your application UI elements seamlessly with low-code to no code. For more information on Data Panel, click here.
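The Ldap URL rules and the LDAP/LDAPS distinction described above can be checked before the values are entered in the form. The following is an added example, not part of the product or its documentation; the function names are hypothetical, port 636 for LDAPS is the standard port rather than a value from this page, and the check that the bind username sits under the root domain is an assumption based on the page's sample values.

```python
from urllib.parse import urlsplit

# 389 is the default stated on the page; 636 is the standard LDAPS port.
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}


def normalize_ldap_url(url):
    """Return (scheme, host, port), filling in the default port if omitted."""
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError(f"expected ldap:// or ldaps://, got {url!r}")
    if not parts.hostname:
        raise ValueError(f"no host in {url!r}")
    # parts.port raises ValueError itself for a non-numeric or out-of-range port
    port = parts.port if parts.port is not None else DEFAULT_PORTS[scheme]
    return scheme, parts.hostname.lower(), port


def same_endpoint(url_a, url_b):
    """True when two URLs name the same scheme, host and effective port."""
    return normalize_ldap_url(url_a) == normalize_ldap_url(url_b)


def dn_parts(dn):
    # Simplification: splits on every comma, so escaped commas are not handled.
    return [p.strip().lower() for p in dn.split(",")]


def review_settings(ldap_url, root_domain, bind_username):
    """Return a list of findings for values about to be typed into the form."""
    findings = []
    scheme, _host, port = normalize_ldap_url(ldap_url)
    if scheme == "ldap":
        findings.append("cleartext: credentials are sent unencrypted, prefer ldaps://")
    if port != DEFAULT_PORTS[scheme]:
        findings.append(f"non-default port {port}: confirm it with the OpenLDAP administrator")
    # Assumption: the bind account sits under the root domain, as in the page's examples.
    bind, root = dn_parts(bind_username), dn_parts(root_domain)
    if bind[-len(root):] != root:
        findings.append("bind username is not under the root domain")
    return findings


if __name__ == "__main__":
    # Constructed sample values, taken from the page's own examples.
    for finding in review_settings("ldap://myldapserver.com:389",
                                   "dc=mycompany,dc=com",
                                   "uid=user,dc=mycompany,dc=com"):
        print(finding)
```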