Use this guide along with the Data Tab Configuration guide to configure a SecureAuth IdP realm that uses Open LDAP as an additional Profile Provider.
1. Have an on-premises Open LDAP data store
2. A service account with read access (and optional write access) for SecureAuth IdP
1. In the Profile Provider Settings section, select False from the Same as Above dropdown
2. Select Directory Server from the Default Profile Provider dropdown if Open LDAP will be used to supply the user information rather than the data store configured in the Membership Connection Settings section
3. Select Directory Server from the Data Store dropdown
4. Select Open LDAP from the Directory Server dropdown
5. Set the Connection String using the directory domain, e.g. LDAP:<directory>.<domain>/DC=<directory>,DC=<domain>
6. Provide the Username of the SecureAuth IdP Service Account in the Distinguished Name (DN) format, e.g. cn=svc-account,DC=directory,DC=domain
7. Provide the Password associated with the Username
8. Provide the Search Attribute to be used to search for the user's account in the directory, e.g. uid
9. Click Generate Search Filter, and the searchFilter will auto-populate
The value that equals %v is what the end-user will provide on the login page, so if it is different from the Search Attribute, change it here
For example, if the Search Attribute is uid, but end-users will log in with their email addresses (field=mail), the searchFilter would be (&(mail=%v)(objectclass=*))
10. Provide the Allowed User Groups for this realm
Leave this field blank if there is no access restriction
11. Check Include Nested Groups if the subgroups from the listed User Groups are to be allowed access as well
12. Click Test Connection to ensure that the integration is successful
Refer to Data Tab Configuration to complete the configuration steps in the Data tab of the Web Admin
Refer to LDAP Attributes / SecureAuth IdP Profile Properties Data Mapping for information on the Profile Properties section