LDAP authentication allows users of LiveAction to take advantage of their LDAP server to create, manage, and authenticate users who gain access LiveAction. Configuring LDAP in LiveAction is a straightforward task, but it does require that users leverage information within their LDAP server to properly configure LDAP authentication in LiveAction. This guide can be used to assist users to properly configure LDAP authentication within LiveAction.
Required LDAP Information for LiveAction There are several pieces of information that need to be gathered before LDAP can be configured properly:
- LDAP Server IP Address
- The name of the User being authenticated
- Password for the User name
- Bind DN information
- Base DN
- Attribute Mappings for Username & Full Name
If you have any questions about this guide, or need any assistance in general please contact LiveAction support: firstname.lastname@example.org
LDAP Server IP Address
To receive the LDAP Server information you must either know, or find out the IP Address of the server from the LDAP system administrator.
Bind DN Information
The Bind DN information can be discovered by connecting to the LDAP server and opening the Active Directory Users and Computers window, right click on the user that is being authenticated against, and select Properties.
Next, you will need to select the Attribute Editor tab and scroll down until discovering the distinguishedName. From here, you will copy the exact Value to be used in LiveAction for the Bind DN field. The one here is: CN=LiveAction,CN=Users,DC=liveaction,DC=qa,DC=com
In some LDAP Server versions, the Attribute Editor is not available by default. You need to go to View and turn on the advanced options on the Server Manager!
Base DN’s are important, as they are the containers in which you are allowing LiveAction to look for LDAP users. Similar to the Bind DN, the Base DN can be found by looking at the Attribute Editor. Instead of looking at the user, right click on the containing folder and select Properties.
From within the Attribute Editor, you can see the Base DN information: CN=Users,DC=liveaction,DC=qa,DC=com
From here, you can see the Base DN as the Attribute distinguishedName, and the Value is CN=Users,DC=liveaction,DC=qa,DC=com. This means that you are only giving the permission to look in those specific folders for users.
If you wanted to look at all User folders for the sdfqa tree, then you could use DC=liveaction,DC=qa,DC=com as the Base DN.
Next, it is necessary to find the Attribute Mappings for Username & Full Name. To find this, you will need to look at LiveAction’s properties and browse to the Attribute Editor tab.
In the example below, search for sAMAccountName in the Attribute column, and in the Value column, we used “LiveAction” for its “Username”. After, scroll down to “displayName” for the “Full Name”.
This part can be tricky and you may need to decide which Attribute you want to use for its Value. The example shown above is from using an earlier version of LDAP, and the Attribute may be different on newer versions. For example, instead of sAMAccountName the Attribute can be mapUserTo for the “Username”.
Configuring LDAP in LiveAction
With all the information that you have gathered in the previous steps, now it is time to configure LDAP in LiveAction.
- LDAP Server = 172.25.25.25
- Username = LiveAction
- Password = Password
- Bind DN = CN=LiveAction,CN=Users,DC=liveaction,DC=qa,DC=com
- Base DN = DC=liveaction,DC=qa,DC=com
- Attribute Mappings Username = sAMAccountName and Full Name = displayName
LDAP Authentication Settings
To configure LDAP, begin by launching your LiveAction Client, select Users > User Management
In the User Management window, select LDAP Authentication Settings:
Now, in the LDAP Authentication Settings window, you can fill out the fields with the information you collected from the LDAP Server/Administrator.
Next, click on Certificate Manager and import the LDAP Certificate. Enter the Host/IP and then click on Search. After the certificate has been found, select Import and Close.
After filling out all the required fields, a LiveAction user can Test Connection Settings to verify the settings are correct. If the Bind DN: field is left blank and a user selects Test Connection Settings, another dialogue box appears, which allows a LiveAction user to manually enter the Username or the complete Bind DN field can be used. The user must enter the correct password or the test will fail.
You will get the following LDAP Server Connection Test result, if the LDAP Server IP, Bind DN, and Password are correct:
If you do not enter a Bind DN, you will receive the following results after Test Connection Settings:
Adding LDAP Users to LiveAction
Now that you have completed the LDAP Authentication Settings, let’s begin adding users. From the User Management window, click on Add.
After clicking on Add, LiveAction should take a few moments to search the LDAP directory. If this process is instant, there may be some errors with the Base DN.
The next window that should appear after searching for the LDAP directory, is the Add LDAP Users window. From here, you should see the Base DN(s) that you have created. When expanding the tree, you should see a list of users that can be added.
Modify LDAP Username in LiveAction
It is possible to modify the LDAP username in LiveAction to something different. To do so, select Custom User from the Add LDAP User window.
In the Create Custom User window, choose a username. Next, select the Role, and make sure to select LDAP Directory for the Authentication Directory. For the Authentication Method, select Map to Another LDAP Username.
DOWNLOAD How to confgure LDAP