| 1. | On the Application Preferences screen, click Logins from the Components menu. |
| 2. | Click the radio button beside Active Directory Authentication (LDAP) to select this authentication method. Note: When this method is chosen users (except administrators)can only login using their LDAP username and password. The Internal Authentication tab will also be disabled. |
| 3. | Enter the IP address or hostname (fully qualified domain name) of the LDAP server (domain controller) in the Server field. |
| 4. | Enter the port number of the LDAP server (389 or 636) in the Port field. If the Security field is set to None, enter 389 in the Port field. If the Security field is set to CFSSL_BASIC, enter 636 in the Port field. Note: 389 is the default port of LDAP and 636 is the default port of LDAPS. |
| 5. | In the Authentication Username field, enter the username of a domain user account. This must be a domain user account and the username must be in the userPrincipalName format. Note: This account will be used to query Active Directory via LDAP. |
| 6. | In the Password field, enter the password of the specified domain user account. |
| 7. | In the Start field, enter the path to search for users in Active Directory. For example: If you wish to retrieve users that are located in the Organization Unit (OU): Contoso.com (domain), Users (OU), then the value you would enter in the Start field would be OU=Users,DC=Contoso,DC=com. |
| 8. | In the Group Query field, enter the default query that will be used to search for users. In order for users to log into the LCMS using their Active Directory accounts, their account must be included in the query results. For example: If you wish to only grant access to users in the lcms-users group, you can use the group query: (&(objectClass=user)(memberOf=CN=lcms-users,OU=Groups,DC=Contoso,DC=com)). If you wish to grant access to all users that match the Start query, we can use the group query: (&(objectClass=user)). |
| 9. | In the Username field, select the desired username format from the drop-down menu. |
| 10. | In the Suffix field, enter the suffix of the usernames. The suffix must include the @ symbol (i.e., @contoso.com). The Suffix field is case sensitive. |
| 11. | In the Security field, select (None or CFSSL_BASIC) from the drop-down menu. Note: CFSSL_BASIC must be selected for LDAPS. If CFSSL_BASIC is selected, the Domain SSL certificate must be imported into ColdFusion keystore. |
| 12. | When all the fields are configured, click the Test Configuration button to test the configuration. When the LDAP Configuration Test modal opens: |
| a. | Enter the username and password of a LDAP user, or enter the configured Authentication Username and Password (domain user account). |
| b. | Enter a Group Query or enter the default Group Query configured. |
| c. | Click the Test button. The results display in the Result field. |
| d. | Click the Close button. |
| 13. | Click the Submit button to save the changes or click Cancel to return to the previous screen without saving. |
|
