How to configure LDAP for authentication with Microsoft Active Directory

Article:HOWTO77752  |  Created: 2012-08-21  |  Updated: 2014-07-14  |  Article URL http://www.symantec.com/docs/HOWTO77752
Article Type
How To



Changing LDAP configuration variables is live, there is no need to re-start the server when the LDAP configuration is setup. When LDAP is enabled, all user authentication is done via LDAP except for superuser, which is always local to the cluster/appliance.   

To gain access to a Clearwell cluster/appliance, the end user must have a user account (and role) on the Clearwell as well.

This process can be automated by using the esa.ldap.createUnknownUsers=true setting as described below.  

When LDAP is enabled, all Clearwell user password facilities are removed from the UI, except for superuser's ability to modify his own password.

An example ldap configuration that works with an Active Directory server is as follows:

Step 1:

For specific values please contact your Active Directory administrator. 
These settings enable all Clearwell corporate accounts to have Case User access to all cases on your cluster. User names will be the Clearwell account names, like 'bloch'. 

Please use the System > Support Features > Property Browser to setup the following properties:

Then click 'Submit'. 

esa.ldap.enabled=true
esa.ldap.connectionPassword=yourPassword
esa.ldap.connectionURL=ldap://rushmore.corp.local:389
esa.ldap.connectionName=yourAccount@corp.local
esa.ldap.referrals=follow
esa.ldap.userBase=ou=test Users,dc=corp,dc=local
esa.ldap.userSearch=(sAMAccountName={0.EN_US})
esa.ldap.roleName=name
esa.ldap.roleBase=ou=test Users,DC=corp,DC=local
esa.ldap.roleSearch=(member={0.EN_US})
esa.ldap.defaultRole=Case User
esa.ldap.createUnknownUsers=true
esa.ldap.newUserCaseList=<all-cases>
 

Step 2:

Check the output of the authentication.  If it fails authentication, then check the log file: "D:\CW\<version>\logs\catalina*.log  "


Step 3:

If it succeeds authentication, the system is now setup to use LDAP authentication.





Article URL http://www.symantec.com/docs/HOWTO77752


Terms of use for this information are found in Legal Notices