Add LDAP Server

You can add LDAP connection details so that LDAP users can sign in to the XCO user interface.

About this task

When a new LDAP server is added, XCO automatically adds it to the authentication preference settings if the authentication preference limit of five entries is not exceeded.

Procedure

  1. In the Navigation menu, select Users.
  2. Select Settings > LDAP Settings > Add LDAP Server.
    Alternatively, you can select LDAP > Connect LDAP to configure the first LDAP server.
    Figure: Create or update LDAP server window
  3. In the Name field, enter a name for the LDAP server.
    The name can contain up to 32 alphanumeric characters without spaces.
  4. Optional: If multiple LDAP servers are available, proceed to the next step. Otherwise, go to step 6.
  5. In the Host field, enter the host name, IPv4, or IPv6 address of the LDAP server.
  6. Optional: In the Port field, enter the TCP port used for authentication.
  7. Optional: In the CA Certificate field, enter the CA certificate location.
    Select the CA certificate to use when validating the server certificate that the LDAP server sends. The CA certificate must be issued by the same CA that issued and signed the server certificate for the LDAP server.
  8. In the Timeout(Secs) field, enter the timeout value in seconds.
    The default timeout value is 5 seconds.
  9. Optional: In the Bind User Name field, enter the LDAP server user name.
    The Bind User Name is used for authenticating to the LDAP server when initiating a connection.
  10. Optional: In the Bind User Password field, enter the password for the LDAP server.
    The Bind User Password is used for authenticating to the LDAP server when initiating a connection.
  11. In the Advanced section, complete the following fields as required:
    • User Search Base: Specifies the name of the node from which to start searching for users.
    • (Optional) User Object Class: Specifies the name of the user object class. The default value is inetOrgPerson.
    • (Optional) User Login Attribute: Specifies the login username attribute. The default value is uid.
    • (Optional) User Role Attribute: Specifies the user role attribute.
    • (Optional) User Role Attribute Key: Specifies the key to the user role attribute.
    • (Optional) User Member Attribute: Specifies the member attribute of the user.
    • (Optional) Group Search Base: Specifies the name of the node from which to start searching for groups.
    • (Optional) Group Object Class: Specifies the name of the group object class. The default value is groupOfNames.
    • (Optional) Group Attribute: Specifies the group attribute. The default value is cn.
    • (Optional) Group Member User Attribute: Specifies the group member user attribute. The default value is entrydn.
    • (Optional) Group Member Mapping Attribute: Specifies the group member mapping attribute. The default value is member.
    • (Optional) TLS check box: Enables LDAP over SSL/TLS.
    • (Optional) Insecure-TLS check box: Enables LDAP without certificate verification.
  12. Select Test Connection and Save to save your selections.
    The Authentication Settings page displays the new configuration.
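
The values for this procedure can be reviewed before they are entered. The following Python check is an added example, not part of XCO or its documentation: it applies the field constraints and defaults listed above and flags the settings that weaken the connection (no TLS with a bind password, Insecure-TLS, no CA certificate). The dictionary keys, the sample values, and the shape of the user search filter are assumptions.

```python
import ipaddress
import re

# Defaults stated on the page; the dict keys are hypothetical names, not XCO API fields.
DEFAULTS = {"user_object_class": "inetOrgPerson", "user_login_attribute": "uid",
            "tls": False, "insecure_tls": False}

def escape_filter_value(value):
    """Escape the characters RFC 4515 reserves inside a search filter value."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value)

def user_filter(cfg, login):
    """Assumed lookup filter: user object class AND login attribute == login."""
    c = {**DEFAULTS, **cfg}
    return "(&(objectClass=%s)(%s=%s))" % (
        c["user_object_class"], c["user_login_attribute"], escape_filter_value(login))

def valid_host(host):
    """Accept an IPv4 or IPv6 literal, or a DNS host name."""
    label = r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return len(host) <= 253 and bool(re.fullmatch(rf"{label}(\.{label})*", host))

def review(cfg):
    """Return findings for one entry; the clear-text finding assumes a simple bind."""
    c, findings = {**DEFAULTS, **cfg}, []
    if not re.fullmatch(r"[A-Za-z0-9]{1,32}", c.get("name", "")):
        findings.append("name: up to 32 alphanumeric characters, no spaces")
    if "host" in c and not valid_host(c["host"]):
        findings.append("host: not a host name, IPv4 or IPv6 address")
    if "port" in c and not 1 <= c["port"] <= 65535:
        findings.append("port: outside 1-65535")
    if not c.get("user_search_base"):
        findings.append("user_search_base: required")
    if c.get("bind_password") and not (c["tls"] or c["insecure_tls"]):
        findings.append("tls: off, bind password is sent in clear text")
    if c["insecure_tls"]:
        findings.append("insecure_tls: server certificate is not verified")
    if c["tls"] and not c["insecure_tls"] and not c.get("ca_certificate"):
        findings.append("ca_certificate: none selected to validate the server")
    return findings

# Constructed sample entries; every value is made up for illustration.
GOOD = {"name": "corpldap1", "host": "ldap.example.com", "port": 636, "tls": True,
        "ca_certificate": "ca.pem", "user_search_base": "ou=people,dc=example,dc=com"}
BAD = {"name": "corp ldap", "host": "ldap_1", "insecure_tls": True, "port": 70000}
```

Calling review(GOOD) returns an empty list, and review(BAD) returns one finding per weak or invalid field.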

What to do next

Map an LDAP User Role