Authenticating against Active Directory and LDAP servers

LDAP, Lightweight Directory Access Protocol, is supported by many directory services, including Active Directory and OpenLDAP. Helix Server offers two ways of authenticating against Active Directory or LDAP servers: using an authentication trigger or using an LDAP specification. We recommend using an LDAP specification because it:

• is easier to use

• requires no external scripts

• allows users who are not in the LDAP directory to be authenticated against the internal user database

• is more secure

The steps required to set up configuration-based LDAP authentication are described in the following sections. Information relating to LDAP authentication applies equally to using Active Directory.

Overview of the configuration process:

• Use the p4 ldap command to create an LDAP configuration specification for each LDAP or Active Directory server that you want to use for authentication.
• Define authentication-related configurables to enable authentication, to specify the order in which multiple LDAP servers are to be searched, and to provide additional information about how LDAP authentication is to be implemented.
• Set the AuthMethod field of the user specification for existing users to specify how they are to be authenticated.
• Test the LDAP configurations you have defined to make sure searches are conducted as you expect.
• If this is the first time you have enabled LDAP authentication, restart the server.