Configure LDAP Authentication

To enable LDAP authentication you must configure both the security.properties file and Login Policy. The task below starts with the configuration of the security.properties file; however, you may configure the Login Policy prior to the security.properties file.

  1. Access the application’s security.properties file.

    The default location is C://Program Files > “Application Name” > configuration > security.properties

  2. In security.profiles=SECURITY-WEB [1], enter the security profile for LDAP; for example: security.profiles=SECURITY-WEB-LDAP
  3. Optional: To identify multiple profiles, enter the desired security profiles separated by commas; for example: security.profiles=SECURITY-WEB-LDAP,SECURITY-KERBEROS,SECURITY-WEB

    Note: Do not put a space after the comma, and be sure to set all applicable settings when entering multiple security profiles.

  4. In security.ldap.domain, enter your company’s domain name; for example, Kronos.com
  5. In security.ldap.userDn, enter the username for the LDAP directory you are connecting to.
  6. In security.ldap.password, enter the password that corresponds to the username in the previous step.
  7. In security.ldap.userDnPatterns, enter the user DN (distinguished name) pattern. Refer to the security.properties file for format specifics.
  8. Save the file to confirm your settings.
  9. Stop and restart the application to apply your new settings.
  10. Go to: Setup > Login Policy to create a new Login Policy.
  11. Click Add to create a new Login Policy, or click an existing Login Policy to edit it.
  12. In Active Directory/LDAP, select the check box Authenticate via Active Directory/LDAP.
  13. Click Save.
  14. Assign this login policy to personnel who will be using AD/LDAP authentication.

    Important: Be sure the person’s Login ID or User ID matches that of the external provider. For example, if the AD Login ID is set to use the username without the domain prefix or suffix extension and the person’s domain login ID is John.Doe@kronos.com, then their Login ID for this application will be “John.Doe”.

LDAP Directory Sample Settings

security.ldap.domain=ldaps://ldap.yourCompany.com:636/dc=yourCompany,dc=com
security.ldap.userDn=cn=Manager,dc=yourCompany,dc=com
security.ldap.password=#######
# set multiple dn patterns by separating them with a '^' character.
# e.g. uid={0}, ou=people^uid={1}, ou=orgs
security.ldap.userDnPatterns=uid={0},ou=people

[1] The default security.profiles is SECURITY-WEB.
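
An added example, not part of the original page or the product: a small Python check that lints a security.properties file against the rules in the steps above (no space after commas in security.profiles, all four LDAP keys set, '^'-separated DN patterns) before the application is restarted. The sample input is constructed, key names are spelled as in the sample settings, and the ldap:// warning and the requirement that every DN pattern contain a {n} placeholder are assumptions of this example.

```python
import re

# Keys set in steps 4-7 of the procedure (spelled as in the page's sample settings).
LDAP_KEYS = ("security.ldap.domain", "security.ldap.userDn",
             "security.ldap.password", "security.ldap.userDnPatterns")

# Constructed sample input (not from a real installation); it contains four mistakes.
SAMPLE = """\
security.profiles=SECURITY-WEB-LDAP, SECURITY-KERBEROS
security.ldap.domain=ldap://ldap.example.com:389/dc=example,dc=com
security.ldap.userDn=cn=Manager,dc=example,dc=com
security.ldap.password=
# set multiple dn patterns by separating them with a '^' character.
security.ldap.userDnPatterns=uid={0},ou=people^ou=orgs
"""

def parse_properties(text):
    """Read key=value lines, skipping blanks and '#' comments; split on the first '='."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def lint_security_properties(text):
    """Return a list of findings for the LDAP settings this page describes."""
    props, findings = parse_properties(text), []
    profiles = props.get("security.profiles", "")
    if re.search(r"\s,|,\s", profiles):
        findings.append("security.profiles: whitespace next to a comma")
    if "SECURITY-WEB-LDAP" not in [p.strip() for p in profiles.split(",")]:
        return findings  # LDAP profile not enabled, so the LDAP keys are not checked
    for key in LDAP_KEYS:
        if not props.get(key):
            findings.append(f"{key}: missing or empty")
    # Assumption: ldap:// is plaintext unless StartTLS is negotiated, so flag it.
    if props.get("security.ldap.domain", "").lower().startswith("ldap://"):
        findings.append("security.ldap.domain: ldap:// is not TLS-protected; use ldaps://")
    # Assumption: each '^'-separated pattern needs a {n} placeholder for the login ID.
    for pattern in props.get("security.ldap.userDnPatterns", "").split("^"):
        if pattern and not re.search(r"\{\d+\}", pattern):
            findings.append(f"security.ldap.userDnPatterns: no {{n}} placeholder in '{pattern}'")
    return findings

if __name__ == "__main__":
    for finding in lint_security_properties(SAMPLE):
        print(finding)
```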