11.1. Connecting to Authentication Servers¶
The Connection Broker can authenticate users against Microsoft Active Directory and OpenLDAP authentication servers. To authenticate users, you first register your domain with your Connection Broker.
Go to the Setup > Authentication Servers menu.
Click the Add Authentication Server link.
In the Add Authentication Server form, select Active Directory from the Type drop-down list.
Enter the name for this server in the Connection Broker in the Authentication Server name edit field, as shown in the below image.
In the Domain edit field, enter the domain name associated with this Active Directory server.
In the Connection Settings section, shown in the following figure, use the following procedure to integrate with your Active Directory authentication server.
From the Specify address using drop-down menu, select Hostname or IP address.
Enter the authentication server hostname or IP address in the Hostname or IP address edit field.
Enter the port number in the Port edit field.
Check the Encrypt connection to authentication server using SSL (LDAPS) checkbox if you need a secure connection to the authentication server.
In the Search Settings section, shown in the following figure, enter the username and password for an account that has read access to the user records. Leostream does not need full administrator rights to your Active Directory authentication server.
In the User Login Search section, ensure that the Match Login name against this field edit field is set to sAMAccountName. This is the attribute that the Connection Broker uses to locate the user in the authentication server, based on the information the user enters when logging into Leostream.