Service Creatio, enterprise edition
This documentation is valid for Creatio version 7.16.0. We recommend using the newest version of Creatio documentation.

Setting up user authentication through LDAP on Linux

To enable user authentication through LDAP, modify the Web.config file in the application root folder.

1. Specify “LdapProvider” and “SSPLdapProvider” in the list of available authentication providers.

<terrasoft>
<auth providerNames="InternalUserPassword,LdapProvider,SSPLdapProvider,SSPUserPassword,SsoAuthProvider,SSPSsoAuthProvider" autoLoginProviderNames="" defLanguage="en-US" defWorkspaceName="Default" useIPRestriction="false" loginTimeout="30000">
<providers>

Attention

Provider names must use the same upper/lowercase characters as in the example. Separate the names with commas and no blank spaces.

2. Specify the server IP or URL, as well as the user domain parameters, in the “LdapProvider” section. Use Active Directory or OpenLDAP domains.

Note

Please note that Active Directory cannot be run on a Linux server. Deploy a Windows node to run Active Directory synchronization.

Active Directory parameters

<provider name="LdapProvider" type="Terrasoft.Authentication.Core.Ldap.NetStandardLdapProvider, Terrasoft.Authentication">
<parameters>
...
           <add name="ServerPath" value="testactivedirectory.com" />
           <add name="DistinguishedName"
           value="dc=testactivedirectory,dc=com" />
           <add name="UseLoginUserLDAPEntryDN" value="false" />
       <!--<add name="SearchPattern"
           value="(&amp;(objectCategory=person)(objectClass=user)
           (!(userAccountControl:1.2.840.113556.1.4.803:=2))
           (memberOf=CN=SVNUsers,OU=groups,OU=Terrasoft,DC=tscrm,
           DC=com))" />-->
           <add name="SearchPattern"
            value="(&amp;(sAMAccountName={0})(objectClass=person))" />
           <add name="KeyDistributionCenter"
           value="testactivedirectory.com" />
           <add name="SecureSocketLayer" value="false" />
           <add name="CertificateFileName"
           value="ldap_certificate_example.cer" />
</parameters>
</provider>

OpenLDAP parameters

<provider name="LdapProvider" type="Terrasoft.Authentication.Core.Ldap.NetStandardLdapProvider, Terrasoft.Authentication">
<parameters>
...
           <add name="ServerPath" value="testopenldap.com" />
           <add name="AuthType" value="Basic" />
           <add name="DistinguishedName" value="dc=example,dc=org" />
           <add name="UseLoginUserLDAPEntryDN" value="true" />
           <add name="SearchPattern"
            value="(&amp;(uid={0})(objectClass=inetOrgPerson))" />
           <add name="KeyDistributionCenter" value="" />
</parameters>
</provider>

3. Specify the server IP or URL, as well as the portal user domain parameters, in the “SSPLdapProvider” section. The step is the same for Active Directory and OpenLDAP.

<provider name="SSPLdapProvider" type="Terrasoft.WebApp.Loader.Authentication.SSPUserPassword.SSPLdapProvider, Terrasoft.WebApp.Loader">
<parameters>
...
           <add name="ServerPath" value="ldapserver.domain.com" />
...
           <add name="DistinguishedName" value="dc=domain, dc=com" />
...
</parameters>
</provider>

4. Save the changes in the Web.config file.

5. Additional step for OpenLDAP: before you synchronize with the OpenLDAP server, set UseLoginUserLDAPEntryDN to “true” in the Web.config file of Terrasoft.WebApp.

<appSettings>
...
                  <add key="UseLoginUserLDAPEntryDN" value="true" />

If you skip this setting, users will be synchronized with an empty LDAPEntryDN field in the SysAdminUnit table, which causes authorization issues.
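An added example, not part of the Creatio documentation: a Python check of the root Web.config for the mistakes steps 1 to 3 warn about (spaces or wrong case in providerNames, a SearchPattern without {0} or with unbalanced parentheses), plus a flag for SecureSocketLayer="false". The `audit` and `balanced` helpers and the sample XML are constructed here; that SecureSocketLayer="false" leaves the LDAP bind unencrypted is an assumption based on the parameter name.

```python
import xml.etree.ElementTree as ET

REQUIRED = ("LdapProvider", "SSPLdapProvider")  # exact case, as in the page's example
# Constructed sample built from the page's fragments, with four deliberate mistakes.
SAMPLE = """<configuration><terrasoft>
<auth providerNames="InternalUserPassword, LdapProvider,SspLdapProvider">
<providers>
<provider name="LdapProvider"><parameters>
  <add name="AuthType" value="Basic" />
  <add name="SearchPattern" value="(&amp;(uid={0})(objectClass=inetOrgPerson)" />
  <add name="SecureSocketLayer" value="false" />
</parameters></provider>
</providers></auth></terrasoft></configuration>"""

def balanced(flt):
    """True if every '(' in an LDAP filter has a matching ')'."""
    depth = 0
    for ch in flt:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0

def audit(xml_text):
    """Return findings for the LDAP part of a Web.config (hypothetical helper)."""
    findings = []
    auth = ET.fromstring(xml_text).find(".//auth")
    names = auth.get("providerNames", "").split(",")
    findings += [f"providerNames: whitespace around '{n.strip()}'"
                 for n in names if n != n.strip()]
    clean = [n.strip() for n in names]
    for req in REQUIRED:
        if req not in clean:
            near = [n for n in clean if n.lower() == req.lower()]
            hint = f" (found '{near[0]}', wrong case)" if near else ""
            findings.append(f"providerNames: '{req}' missing{hint}")
    for prov in auth.iter("provider"):
        name = prov.get("name")
        p = {a.get("name"): a.get("value", "") for a in prov.iter("add")}
        pat = p.get("SearchPattern")
        if pat is not None and ("{0}" not in pat or not balanced(pat)):
            findings.append(f"{name}: SearchPattern lacks {{0}} or has unbalanced parentheses")
        # Assumption: SecureSocketLayer="false" means the bind is not TLS-protected.
        if p.get("SecureSocketLayer", "").lower() == "false":
            findings.append(f"{name}: SecureSocketLayer is false")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

To check a real deployment, pass the contents of the Web.config from the application root folder to `audit` in place of `SAMPLE`.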

See also

Description of system settings
