LDAP Authentication
PPM uses simple authentication to authenticate against any LDAP v.3 (or later) compliant LDAP server.
The authentication steps involve:
- The PPM Server binds to the LDAP server using the credentials supplied in the KINTANA_LDAP_ID and KINTANA_LDAP_PASSWORD server attributes. This step is optional. PPM does an anonymous authentication if a password is not supplied in server.conf. For more information on the server.conf file, see the Installation and Administration Guide.
- PPM tries to obtain the distinguished name of the user by supplying a search filter to the LDAP server in the form uid=<username> (where <username> is the user ID on the LDAP server). Here the attribute uid could vary from one LDAP server to another depending on the information supplied in the LdapAttribute.conf file.
- If PPM obtains a unique distinguished name, then it tries to rebind to the LDAP server using the distinguished name and the password supplied by the user.
If more than one LDAP server has been specified in the LDAP_URL server attribute, PPM tries to authenticate against each of them until it succeeds. If the referral option has been enabled, then PPM also queries the referral server for authentication if the user is not present on the primary server.
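The search-then-rebind sequence above, tried against each server in turn, as an added Python example (not PPM code). The in-memory directories, function names and sample entries are constructed for illustration, and the filter escaping (RFC 4515) and empty-password rejection are checks an integrator would want around this flow, not behavior the page attributes to PPM.

```python
import hmac
import re

# Constructed stand-ins for two directory servers (DN -> attributes); not real data.
SERVERS = [
    {"uid=asmith,ou=people,dc=example,dc=com": {"uid": "asmith", "pw": "s3cret"}},
    {"uid=bjones,ou=staff,dc=example,dc=org": {"uid": "bjones", "pw": "hunter2"},
     "uid=bjones,ou=temp,dc=example,dc=org": {"uid": "bjones", "pw": "x"}},
]

def escape_filter_value(value):
    """Escape the RFC 4515 special characters so user input stays a literal value."""
    return re.sub(r'[\\*()\x00]', lambda m: "\\%02x" % ord(m.group()), value)

def search(directory, ldap_filter):
    """Toy search: supports only (attr=value) equality filters with escaped values."""
    m = re.fullmatch(r"\((\w+)=((?:[^\\*()]|\\[0-9a-f]{2})*)\)", ldap_filter)
    if not m:
        raise ValueError("unsupported or malformed filter: " + ldap_filter)
    attr = m.group(1)
    value = re.sub(r"\\([0-9a-f]{2})", lambda h: chr(int(h.group(1), 16)), m.group(2))
    return [dn for dn, entry in directory.items() if entry.get(attr) == value]

def simple_bind(directory, dn, password):
    """Toy simple bind: constant-time comparison of the password stored for the DN."""
    entry = directory.get(dn)
    return entry is not None and hmac.compare_digest(entry["pw"].encode(), password.encode())

def authenticate(username, password, servers=SERVERS, attr="uid"):
    """Search for the user's DN, then rebind as that DN; returns the DN or None."""
    if not password:            # a DN with an empty password is an unauthenticated bind
        return None
    ldap_filter = "(%s=%s)" % (attr, escape_filter_value(username))
    for directory in servers:   # try each configured server in turn
        dns = search(directory, ldap_filter)
        if len(dns) != 1:       # no match or an ambiguous match: do not guess a DN
            continue
        if simple_bind(directory, dns[0], password):
            return dns[0]
    return None
```

Against a real directory, the empty-password check matters because RFC 4513 lets a server treat a simple bind with a DN and a zero-length password as a successful anonymous bind.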
PPM also supports LDAP authentication over SSL by using passwords. To enable the SSL option, set the LDAP_SSL_PORT server attribute to the SSL port of the LDAP server.