LDAP Configuration
- Click the icon and select Settings.
- On the Settings screen, click the SSH tab.
- The Publish SSH Public Keys on Directory field is set to "Disabled" by default. To enable it so that SSH public keys are pushed to the directory, click the toggle.
- The LDAP field is set to Enabled by default, which allows public keys to be pushed to particular user accounts in the directory using a secure approach. To turn this feature off, click the toggle.
Note: Publish SSH Public Keys on Directory must be enabled if you want to be able to associate, publish, and delete an LDAP connector for an SSH key.
- In the Directory field, select one of the following options:
- Existing Auth. Directory Servers - This option retrieves existing LDAP servers' records from the Authentication tab.
- New Directory Servers - This option adds new directory servers for pushing SSH public keys to the directory. If you select this option, four new fields appear on the screen. Complete the following sub-steps:
- In the Host field, enter the host address of the Active Directory (AD) server.
- For a single-domain Active Directory Domain Service (AD DS), the default port for LDAP is 389, while the default port for LDAP over SSL is 636.
- In the Bind DN field, enter the full distinguished name (DN), including the common name (CN), of an Active Directory user account that has privileges to search for users.
- For example: cn=manager,dc=sample,dc=com
- The Bind DN user (for example, Administrator) is the username associated with the Bind DN user account. The Connector creates a corresponding administrative user account in the Application Manager; you use this username to log in to the Application Manager as an administrator. In AD DS, the Bind DN entry must be located in the same branch as, and below, the Base DN.
- In the Bind Password field, enter the password associated with the Bind DN user account.
- In the Search base field, enter the name of the search base object, which defines the location in the directory from which the LDAP search begins.
- For example: ou=APPVIEWX,dc=sample,dc=com
- An LDAP search has the potential to retrieve information about all objects within a specific scope that have certain characteristics.
- Select at least one of the directory servers from the collection list.
- Click Add to add the LDAP configuration to the system.
- Click Save to publish the public key file to the LDAP server user profile. If the LDAP server from the collection list is not selected, then publishing the public key will fail.
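The constraints in the sub-steps above (LDAP on 389 versus LDAP over SSL on 636, a full Bind DN that includes the CN, a search base, and, for AD DS, a Bind DN located below the search base) can be checked before the connector is saved. The following pre-flight validator is an added example, not AppViewX code; the `LdapConnector` class, the `check_connector` function and the sample Bind DN `cn=svc-sshkeys,ou=APPVIEWX,dc=sample,dc=com` are all constructed for illustration. It flags a plaintext port 389 as a finding because the Bind Password and the published keys would otherwise cross the network unencrypted.

```python
"""Pre-flight checks for an SSH-key LDAP connector configuration.

Added example (not AppViewX code). It encodes the rules stated in the
procedure: 389 is plain LDAP and 636 is LDAP over SSL on AD DS, the Bind DN
is a full DN beginning with the account's CN, and on AD DS the Bind DN must
sit in the same branch and below the search base.
"""
from dataclasses import dataclass

LDAP_PORT = 389    # plain LDAP (AD DS default)
LDAPS_PORT = 636   # LDAP over SSL (AD DS default)


def parse_dn(dn: str) -> list[tuple[str, str]]:
    """Split 'cn=manager,dc=sample,dc=com' into [('cn','manager'), ('dc','sample'), ('dc','com')].

    Backslash-escaped commas inside a value (RFC 4514) are kept; attribute
    types are lower-cased, values keep their case.
    """
    rdns, buf, escaped = [], [], False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            buf.append(ch)
            escaped = True
        elif ch == ",":
            rdns.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    rdns.append("".join(buf))
    out = []
    for rdn in rdns:
        if "=" not in rdn:
            raise ValueError(f"malformed RDN {rdn!r} in {dn!r}")
        attr, value = rdn.split("=", 1)
        out.append((attr.strip().lower(), value.strip()))
    return out


def is_below(dn: str, base: str) -> bool:
    """True if dn is strictly below base (same branch, at least one level deeper).

    Comparison is case-insensitive on values, which is adequate for cn/ou/dc.
    """
    d = [(a, v.lower()) for a, v in parse_dn(dn)]
    b = [(a, v.lower()) for a, v in parse_dn(base)]
    return len(d) > len(b) and d[-len(b):] == b


@dataclass
class LdapConnector:          # hypothetical container for the four fields on the screen
    host: str
    port: int
    bind_dn: str
    bind_password: str
    search_base: str
    ad_ds: bool = True        # target is Active Directory Domain Services


def check_connector(cfg: LdapConnector) -> list[str]:
    """Return a list of findings; an empty list means the configuration passes."""
    findings = []
    if not cfg.host.strip():
        findings.append("host is empty")
    if cfg.port == LDAP_PORT:
        findings.append("port 389 is plain LDAP: the bind password and published "
                        "keys are sent unencrypted; prefer 636 (LDAP over SSL)")
    elif cfg.port != LDAPS_PORT:
        findings.append(f"port {cfg.port} is neither 389 (LDAP) nor 636 (LDAPS)")
    if not cfg.bind_password:
        findings.append("bind password is empty")
    bind = base = None
    try:
        bind = parse_dn(cfg.bind_dn)
    except ValueError as exc:
        findings.append(f"bind DN: {exc}")
    try:
        base = parse_dn(cfg.search_base)
    except ValueError as exc:
        findings.append(f"search base: {exc}")
    if bind is not None and bind[0][0] != "cn":
        findings.append("bind DN must be the account's full DN, beginning with its CN")
    if bind is not None and base is not None and cfg.ad_ds \
            and not is_below(cfg.bind_dn, cfg.search_base):
        findings.append("AD DS: bind DN must be in the same branch and below the search base")
    return findings


# Constructed sample configurations (not real hosts or accounts).
GOOD = LdapConnector("ad01.sample.com", LDAPS_PORT,
                     "cn=svc-sshkeys,ou=APPVIEWX,dc=sample,dc=com",
                     "<bind-password-placeholder>",
                     "ou=APPVIEWX,dc=sample,dc=com")
BAD = LdapConnector("ad01.sample.com", LDAP_PORT,
                    "cn=manager,dc=sample,dc=com", "",
                    "ou=APPVIEWX,dc=sample,dc=com")

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, "->", check_connector(cfg) or "OK")
```

Run it as a script to see the findings for both sample configurations; `BAD` reports the plaintext port, the empty password and a Bind DN that is not below the search base, while `GOOD` passes.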