Authenticating via LDAP

An alternative to managing users locally is to use LDAP authentication. LDAP authentication is set up manually by providing an access manager plugin in the console’s configuration.properties file. Please see Console server configuration below for more information.

Within the LDAP server itself, the following attributes must be set for each user:

sn=[User's surname]
givenName=[User's given name]
mail=[User's email address]

In addition, each user must be a member of (memberOf) one of the following groups:

TomorrowUserType_Admin
TomorrowUserType_Security
TomorrowUserType_Super
TomorrowUserType_User

Optionally, the user can also be a member of the following group:

TomorrowUserRole_[A valid and defined user role within the console]

For example, if a role named Tester exists, then the user can be enrolled into that role by setting:

memberOf= TomorrowUserRole_Tester

PreviousManaging Access Rules NextAuthenticating via SAML

Last updated 1 year ago