Step By Step
In the ECX Portal go to Configure->Providers->LDAP
· Name
A user-defined name for the LDAP Server. Provider names must be unique.
· Host Address
The IP address or resolvable logical node name of the LDAP server.
· Port
The port on which the LDAP server is listening. The typical default port is 389 for non SSL connections or 636 for SSL connections.
· Use SSL
Enable to establish a secure connection to the LDAP server.
· Base DN
This is the base domain name associated with the ldap filter.
Example if your domain name is cxw.com the Base DN will be:
dc=cxw,dc=com
· User Filter
A filter to select only those users under the Base DN that match certain criteria. ECX supports the following 3 user filters.
Cononical Name: cn={0}
Samaccountname: sAMAccountName={0}
E-mail address associated with LDAP: mail={0}
· User RDN
This is the filter for where in AD the user accounts exist that you want to allow to log into ECX.
Example, in Active, Directory, if I want to allow user’s that exist under a folder path, Data Protection\ECX, the filter will be:
OU=ECX,OU=Data Protection
· Group RDN
This is the filter for where the Security Groups exist. In ECX we import the security groups and not the user accounts. So we need a filter to tell ECX where to look for the Security groups. By default most security groups will exist in the user’s container.
cn=users
Before saving the configuration it is required to add at least one valid user under the users tab. The format of the user is dependent on the configuration of the User Filter
Once, you have successfully added the LDAP server to ECX you will now need to import the Security group you wish to import.
In the ECX Portal, go to Configure->Accounts->Select New->Select Import LDAP Group.
In the new window, you will see all the Security groups that exist in the Group RDN filter you applied. Select the Security Group you wish to add to ECX and proceed.
Once you have added the Security group successfully, all user’s that exist in the User RDN filter and that are assigned to the Security Group you imported will be able to log into ECX via their LDAP Credentials.
The user’s will be able to log in with the specified user filter you applied.
Example: LDAP account is John Smith.
The Cononical Name format is: John Smith
The Samaccountname format is: jsmith
The mail format is: JohnSmith@cxw.com
Note: To get the correct value of these filters, the Domain Admin can look at the Attribute Editor of the domain account in Active Directory.