Setting Up LDAP Authentication
bipp supports Lightweight Directory Access Protocol (LDAP) for user authentication. LDAP is set up once for your organization. Once enabled, LDAP authentication is added to the bipp login page to authenticate your users.
LDAP authentication in bipp:
- Configuring LDAP for an organization on the bipp platform enables LDAP authentication for that organization.
- bipp supports simple authentication with name/password credentials. Anonymous authentication is not supported.
- LDAP user accounts must have read privileges for their user entries and for the group entries of which the user is a member.
- bipp connects to the LDAP server in read-only mode; no LDAP directory writes are attempted, even if the user account has write privileges.
To configure LDAP:
- Enable Development Mode.
- Click Settings in the Navigation pane.
- Click LDAP.
- Enter your LDAP server information:
  - Host: name or IP address of your LDAP server.
  - Port: server port for LDAP. For example, 3269.
  - Base DN: Base Distinguished Name of your LDAP directory. This is the starting point to search for the user’s credentials within your directory. For example: dc=companyname,dc=com.
  - Bind Key: bind method. Select UID to use the user ID, or Mail to use the email address.
  - Use SSL: select Yes or No to enable Secure Sockets Layer (SSL). bipp recommends using SSL. The SSL fields are:
    - Skip Insecure Verification: select Yes or No to skip certificate verification. bipp recommends selecting No, which keeps certificate verification enabled.
    - Client Certificate: enter the client certificate details.
    - Client Private Key: enter the client private key.
    - Root CA Certificates: enter your root CA certificate. If you have multiple certificates, click + Add more.
  - User Filter: authentication search criteria for user logins. For example, (mail=%s) searches by email.
  - Group Filter: authentication search criteria based on group membership. For example: (&(objectCategory=Group)(member=%s))
  - Group Search Key: search criteria to retrieve the LDAP groups. For example: distinguishedName.
- Click Enable.
After LDAP Authentication is enabled, users see a different bipp login screen.
bipp attempts to bind to the LDAP instance with the user credentials. If authenticated, the user is logged into bipp.
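To preview what the User Filter and Group Filter settings will search for before you click Enable, the following added example (not bipp's own code) checks that a template is a single balanced filter with exactly one %s and renders it with RFC 4515 escaping. It assumes %s receives the login value for the user filter and the user's DN for the group filter; the function names and sample values are constructed for illustration.

```python
# Added example: preview the LDAP search filters produced from the
# User Filter / Group Filter templates on this page.
# Assumption: %s is replaced with the login value (user filter) or the
# user's DN (group filter); bipp's internal substitution is not documented here.

# RFC 4515 section 3: these characters must appear as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a value so it is treated as literal text inside a search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def check_template(template: str) -> None:
    """Reject templates that are not one parenthesised filter with a single %s."""
    if template.count("%s") != 1:
        raise ValueError("template must contain exactly one %s placeholder")
    if not template.startswith("("):
        raise ValueError("filter must start with '('")
    depth = 0
    for i, ch in enumerate(template):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                raise ValueError("unbalanced ')'")
            if depth == 0 and i != len(template) - 1:
                raise ValueError("text after the closing ')'")
    if depth != 0:
        raise ValueError("unbalanced '('")


def render_filter(template: str, value: str) -> str:
    """Return the filter string that would be sent for this template and value."""
    check_template(template)
    return template.replace("%s", escape_filter_value(value))


if __name__ == "__main__":
    # Constructed sample values, not taken from a real directory.
    print(render_filter("(mail=%s)", "jane.doe@companyname.com"))
    print(render_filter("(&(objectCategory=Group)(member=%s))",
                        "cn=Doe\\, Jane (Ops),ou=People,dc=companyname,dc=com"))
```

A template that fails `check_template` (for example one missing its outer parentheses) is worth fixing before it is entered in the settings form, since a malformed filter will match nothing or be rejected by the directory.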