The Lightweight Directory Access Protocol (LDAP) is an industry standard protocol used to centrally store usernames and passwords.
Enabling Active Directory LDAP on your Chorus site connects the site to an LDAP server to validate its users.
Step-by-step:
1. Click Admin at the top of your desk and sign in to elevate.
2. Choose Settings > Site from the Admin menu. The Site Admin modal will open.
3. Go to LDAP settings.
4. Use the Enable LDAP switch to enable single sign-on and to open Active Directory (AD) configuration options.
5. Enter your LDAP Server address. This is the address of your domain controller, Eg. ‘192.168.0.1’ or a server hostname such as ‘windows2012.thirdlight.local’.
6. Enable the Global Catalog switch if you need to authenticate users in several domains within a forest.
7. Enable the Follow referrals to other servers switch to access users or objects in domains elsewhere in the forest.
8. Enable the Connect to the LDAP server over SSL switch to use SSL encryption when connecting Chorus to the LDAP server.
9. Enter the username of the Service Account User. This is a user account on Active Directory, normally read-only, with which Chorus can connect to do certain simple look ups about users.
10. Enter the password for the Chorus LDAP account.
11. Enter the Forest Root. This should be the root domain of the Active Directory forest. Eg. ‘dc=thirdlight,dc=local’.
12. Enter a Search DN. This is the DN of the tree containing users to authenticate. Chorus will search for user accounts below this base in the LDAP schema. Eg. ‘cn=users,dc=thirdlight,dc=local’.
13. Enter an optional Group Search DN. This is the base below which Chorus will search for AD groups. Eg. ‘dc=thirdlight,dc=local’.
14. Select an LDAP Server Port. This is the port to connect to on the LDAP server. If you choose default, then the default will be: normal = 389 and with SSL = 636. For the global catalog, the defaults are normal = 3268 and with SSL = 3269.
15. Click Save.
More on external authentication:
