Knowledge Base: LDAP Integration

Present.ly is now integrated with the Lightweight Directory Access Protocol (LDAP), giving you the ability to authenticate your employees without requiring them to set up any additional accounts or credentials. For more information about LDAP, visit the LDAP Wikipedia Entry.

Advantages of LDAP

  • Account admins can easily batch import users and groups from the LDAP directory.
  • Users are associated with groups automatically during the import process, according to your organization structure.
  • LDAP authenticates users directly instead of using local account credentials, so no sensitive login credentials are stored locally. For users, it means no more extra logins to remember.
  • New users are added on the fly during the authentication process if their account information has not yet been imported.

These features help to eliminate all the administrator's headaches and improve users' experience with Presently.

When Present.ly Will Contact Your LDAP Server

1) Once you set up your LDAP server, you will be able to manually import users and groups. During this one-time import process, Presently will contact your LDAP server to retrieve all user and group information.

2) If you enable LDAP user authentication for your account, the first time a user tries to log in, Presently will contact your server to authenticate the user and import them (if the user has not already been imported). On any following login attempts, Presently will contact your server only to authenticate the user.

The load on your server will be minimal: most of the time, only the packets needed for user authentication.

Setting Up LDAP

Here is how you can set up LDAP for your account:

  1. Log in as an admin user of your account.
  2. Go to the admin tab and click LDAP Settings on the right menu bar.
  3. Enter your LDAP information in the LDAP Settings Form.
  4. Save the settings after you finish.

Definition of terms in the LDAP Settings Form:

  • Enable: Enable LDAP on your account.
  • Server: Type the IP address of the LDAP directory. Use either the host name or dotted decimal format.
  • Port: Type the TCP/IP port on which the LDAP server will accept a connection from an LDAP client.
  • Encryption: Select the communication encryption method: "No Encryption", "SSL" or "StartTLS".
  • Authentication: If your LDAP server allows anonymous access, select "None"; otherwise select "Simple" and provide the Bind DN and password.
  • Bind DN: Type the distinguished name (DN) of the directory administrator that allows Presently to update information. You must use the LDAP string representation for distinguished names (for example, cn=Chris Smith,dc=intridea,dc=com).
  • Password: Type the directory administrator's password.
  • LDAP User Auth: Enable LDAP user authentication for this account.
  • User Search Base: Type the distinguished name (DN) of the entry in the directory information tree (DIT) under which user information is stored. You must use the LDAP string representation for distinguished names (for example, ou=people, dc=intridea,dc=com).
  • Group Search Base: Type the distinguished name (DN) of the entry in the directory information tree (DIT) under which group information is stored. You must use the LDAP string representation for distinguished names (for example, ou=groups, dc=intridea,dc=com).
  • User Unique ID Name: Type the user id name defined in LDAP user object schema. Usually it's 'uid', or 'sAMAccountName' for Microsoft Active Directory.
  • Group Member ID Name: Type the group member name defined in LDAP group object schema. Usually it's 'member'.
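
As an added example (not Present.ly code), the Python below reviews a set of LDAP Settings Form values for choices that expose credentials on the wire, and shows how a login name is escaped before it is placed in a search filter on the User Unique ID Name. The dictionary keys, the host ldap.example.com and the function names are assumptions made for the illustration; the checks follow general LDAP practice (RFC 4513, RFC 4515) and assume user logins are verified with a simple bind.

```python
# Added example: review LDAP Settings Form values before saving them.
# Keys mirror the form labels; the checks are general LDAP practice,
# not Present.ly's own validation logic.

ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    """Escape a login name for use inside an LDAP search filter (RFC 4515)."""
    return "".join(ESCAPES.get(ch, ch) for ch in value)

def user_filter(unique_id_name, login):
    """Filter a client would use to find one user under User Search Base."""
    return "(%s=%s)" % (unique_id_name, escape_filter_value(login))

def review_settings(s):
    """Return a list of findings for a dict of form values."""
    findings = []
    enc, auth, port = s["encryption"], s["authentication"], s["port"]
    if enc == "No Encryption":
        if auth == "Simple":
            findings.append("Bind DN password is sent in cleartext")
        if s["ldap_user_auth"]:
            # Assumption: each user login is checked with a simple bind.
            findings.append("user login passwords are sent in cleartext")
    if enc == "SSL" and port == 389:
        findings.append("port 389 is the plain/StartTLS port; LDAPS is usually 636")
    if enc == "StartTLS" and port == 636:
        findings.append("port 636 expects SSL from the first byte, not StartTLS")
    if auth == "None":
        findings.append("anonymous bind: directory must allow unauthenticated reads")
    return findings

# Constructed sample values, reusing the example DNs from the form description.
SAMPLE = {
    "server": "ldap.example.com", "port": 389,
    "encryption": "No Encryption", "authentication": "Simple",
    "bind_dn": "cn=Chris Smith,dc=intridea,dc=com",
    "ldap_user_auth": True,
    "user_search_base": "ou=people,dc=intridea,dc=com",
    "user_unique_id_name": "uid",
}

if __name__ == "__main__":
    for finding in review_settings(SAMPLE):
        print("WARN:", finding)
    print(user_filter(SAMPLE["user_unique_id_name"], "smith(*)"))
```

Switching the sample to "StartTLS" on port 389, or "SSL" on port 636, clears every finding.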

If you have any questions about setting up, managing, or utilizing LDAP on your Present.ly account, please contact support.