View Source

You can use LDAP authentication to verify your users against a database such as Active Directory. Check the Use LDAP authentication check box when adding or editing your user accounts located in a separate database. For more information about activating LDAP authentication for a user account, see [Add users].

Backup Manager uses the server host name and port number to produce a URL used for authentication in the following format: {{ldap://<hostname>:<port number>}}.&nbsp;You can choose to use SSL/TLS to encrypt communications with the LDAP server. Backup Manager also lets you select whether you want to transmit user passwords in plain text or a hashed version of the password.

It is important that you have the base distinguished name that you want to use to authenticate LDAP users. For Active Directory servers, the base DN is typically in the format {{@domain.tld}}. For OpenLDAP servers, the base DN is typically in the format {{DC=domain,DC=tld}}. Backup Manager uses the base DN and bind attribute to determine the full distinguished name used to authenticate the user. If you specify a bind attribute, the full distinguished name is in the format {{<bind attribute>=<username>,<base DN>}}. If you do not specify a bind attribute, the full distinguished name is in the format {{<username><base DN>}}.


h2. Configure LDAP authentication

Follow the instructions below to configure language settings for the Backup Manager.

1. In the Main menu, click *Configuration*. Server Backup Manager displays the Configuration window.


2. In the Configuration menu, click *LDAP Authentication*. SBM displays the LDAP Authentication dialog box.



3. Configure the LDAP authentication:

!Configuration_LDAP authentication_English.png!

* *Enable LDAP Authentication*. Check this box to toggle whether you want to use LDAP authentication. When this check box is clear, the other fields retain their contents but are grayed out to show that they are inactive. This feature allows you to enable LDAP authentication again without re-entering the associated data.
* *LDAP Server Hostname*. Type the host name of the server used to authenticate LDAP users. Backup Manager uses the server host name and port number to produce the URL used for authentication. The URL uses the following format:
{{ldap://<hostname>:<port number>}}
* *Use SSL*. Check this box to toggle whether you want to use SSL/TLS to encrypt communications with the LDAP server.
* *Port Number*. Type the port number used to authenticate LDAP users. Backup Manager uses the server host name and port number to produce the URL used for authentication. The common port number is {{389}}. If your LDAP server is using SSL, the common port number is {{636}}.
* *Authentication Type*. Select one of the following types of authentication used to authenticate LDAP users:
** *Simple* authentication transmits the password in plaintext.
** *Digest-MD5* authentication transmits a hashed version of the password.
* *Base DN*. Type the base distinguished name used to authenticate LDAP users. For Active Directory servers, this is typically in the format {{@domain.tld}}. For OpenLDAP servers, this is typically in the format {{DC=domain,DC=tld}}. Backup Manager uses the base DN and bind attribute to determine the full distinguished name used to authenticate the user. If a bind attribute is specified, the full distinguished name is in the format {{<bind attribute>=<username>,<base DN>}}. If you do not specify a bind attribute, the full distinguished name is in the format {{<username><base DN>}}.
* *Bind Attribute*. Type the bind attribute used to authenticate LDAP users. This field is optional for Active Directory servers using {{@domain.tld}} for the base DN. For OpenLDAP servers, this attribute is typically {{uid}}. Backup Manager uses the base DN and bind attribute to determine the full distinguished name used to authenticate the user. If a bind attribute is specified, the full distinguished name is in the format {{<bind attribute>=<username>,<base DN>}}. If you do not specify a bind attribute, the full distinguished name is in the format {{<username><base DN>}}.

4. Click *Test Settings* to verify your server settings against an existing user account.

!Configuration_LDAP authentication_Test_English.png!

5. In the Test LDAP Server Settings dialog box, type a username and password, and then click *Test*.

!Configuration_LDAP Test_window_English.png!

6. Click *Save* after experiencing a successful test.


{excerpt:hidden=true}Instructions on how to configure LDAP authentication in the Backup Manager.{excerpt}