Root User
User authentication is based on configured domains. AppCenter supports both LDAP and LDAPS and multiple LDAP domains and LDAP groups. If you added an OpenLDAP configuration, it will still work with your instance of AppCenter after you add corporate LDAP.
You cannot delete users that you add. If a user is no longer part of a configured LDAP, AppCenter retains only the username in the app-service database to maintain their associated apps or scripts.
If a user is part of a configured LDAP domain, they can log into AppCenter and are added as a user automatically at that time.
-
Select
, then complete LDAP configuration fields:
Setting Required Description Example Directory Name ● Display name of the directory. yourcompany-ldap Host ● LDAP or LDAPS server hostname. ldap.yourcompany.com ldaps.yourcompany.com
Port ● LDAP or LDAPS server port. 389 (LDAP) 636 (LDAPS)
3268 (Active Directory Global Catalog, LDAP)
3269 (Active Directory Global Catalog, LDAPS)
Encryption None provides no encryption for connectivity. LDAPS incorporates SSL for greater security.
Base DN ● Base DN for your tree. Can be shifted to restrict users from a single tree from logging in. DC=YOURCOMPANY,DC=COM Search Service Account Username ● User DN for user to connect to LDAP server. CN=AppCenter-User,OU=Service Accounts,DC=YOURCOMPANY,DC=COM Search Service Account Password ● Password for search user. Vendor ● Vendor of your LDAP directory. OpenLDAP would be Other, which includes OpenLDAP, Novell eDirectory, Red Hat's 389 Directory Service, or ApacheDS. User object classes ● LDAP object classes that identify your users. The default, person, OrganizationalPerson, user should match most organizations. User search filter Filter for specific users. (!(cn=<useruniqueldapidentifier>)) Group object classes ● LDAP object classes that identify your groups. groupOfNames Custom groups filter Filter for LDAP groups. (|(cn=group20028) (cn=group20006) (CN=group20003) (CN=group20038)) UUID Field ● Unique LDAP attribute within the directory to identify user accounts. For Active Directory, this attribute could be objectGUID or sAMAccountName. For eDirectory, this attribute could be GUID.
It could also be CN if CN is unique for your entire directory.
If you are using posixAccount, it could be posixAccount.
Username Field ● Username attribute. For Active Directory, this attribute could be sAMAccountName. It could also be CN if that is your login name.
If you are using posixAccount, it could be posixAccount.
Member Field ● Attribute in a group entry for user membership. Should contain a DN pointing to the users who are members of the group. For most directories, this attribute should be member. Email field ● Email attribute. For most directories, this attribute should be mail. Group Base DN ● If using LDAP groups
Base DN containing all of your groups. OU=Groups,DC=YOURCOMPANY,DC=COM Group Id ● If using LDAP groups
Unique identifier for your groups. cn For Active Directory, this could also be the sAMAccountName.