LDAP Server Profile Administration

Laserfiche's LDAP support allows administrators to create LDAP Server Profiles for their LDAP servers. This profile allows Laserfiche to connect to the LDAP server and verify a user's credentials, so that those credentials -- the LDAP user name and password -- can be used to authenticate to the Laserfiche repository.

Once an LDAP Server Profile has been created, administrators will need to add LDAP accounts.  See the LDAP Accounts topic for more information.

Note: LDAP accounts are supported for Laserfiche Rio and Laserfiche Avante installations only.

To create an LDAP Server Profile in the Laserfiche Administration Console

  1. Start the Laserfiche Administration Console.
  2. In the console tree, expand the desired Laserfiche Server.
  3. Select the desired Laserfiche repository.
  4. If security has been enabled on that repository, log in as any user who has been granted the Manage Trustees privilege for the specified repository.
  5. Expand the Users and Groups node.
  6. Expand the LDAP Management node.

  7. Select the Server Profiles node.
  8. Right-click, or open the Action menu, and select New LDAP Server Profile to display the New LDAP Server Profile dialog box. Alternatively, click the New Item toolbar button.
  9. In the Name option, type a name for your new LDAP profile. The profile name does not need to match your LDAP server's machine name. This name will be used as part of your trustees' login, so it is a good idea to make it something simple and easy to remember.
  10. In the LDAP server option, type the fully-qualified domain name of your LDAP Server computer.
  11. In the Base distinguished name option, type the base distinguished name you want to use with your Server profile. The base distinguished name defines the set of accounts that can be added to the repository, and must be input in the correct LDAP distinguished name format. If you are not sure what base distinguished name to use, contact your LDAP administrator.
  12. Optional: If you want to resolve LDAP accounts by querying the LDAP server for a user, you can specify a unique attribute to query. Type the attribute in the Unique name attribute option.
  13. In the Schema Type option, select eDirectory or Active Directory.
      Note: eDirectory is the most common choice for LDAP accounts, and is used with Novell accounts. Active Directory is typically used with Windows accounts. Note that it is not necessary to configure LDAP to use Laserfiche with Windows accounts, since Laserfiche handles Windows accounts natively; see Windows Accounts for more information. However, you may choose to configure your Windows Accounts with LDAP for special configurations, such as remote access without Kerberos.

  14. In the LDAP Credentials option, you will need to specify an LDAP user name and password for an account with sufficient privileges to contact your LDAP server. This account will be used to connect to LDAP whenever the Laserfiche Server needs to check a user's credentials. Type the user's name in the LDAP Account option, and the password in the Password option.
  15. Click OK to save your changes.

To create an LDAP Server Profile in the Laserfiche web client management page

  1. Open the Laserfiche web client management page. Sign in as any user who has been granted the Manage Trustees privilege for the specified repository.
  2. Click on Integrations.

  3. Click the LDAP Server Profiles tab.

  4. Click the Add button.

  5. In the Name option, type a name for your new LDAP profile. You can choose any name you want; it does not need to match your LDAP server's machine name. This name will be used as part of your trustees' login, so it is a good idea to make it something simple and easy to remember.
  6. In the LDAP server option, type the fully-qualified domain name of your LDAP Server computer.
  7. In the Base distinguished name option, type the base distinguished name you want to use with your Server profile. The base distinguished name defines the set of accounts that can be added to the repository, and must be input in the correct LDAP distinguished name format. If you are not sure what base distinguished name to use, contact your LDAP administrator.
  8. Optional: If you want to resolve LDAP accounts by querying the LDAP server for a user, you can specify a unique attribute to query. Type the attribute in the Unique name attribute option.
  9. In the Schema Type option, select eDirectory or Active Directory.
      Note: eDirectory is the most common choice for LDAP accounts, and is used with Novell accounts. Active Directory is typically used with Windows accounts. Note that it is not necessary to configure LDAP to use Laserfiche with Windows accounts, since Laserfiche handles Windows accounts natively; see Windows Accounts for more information. However, you may choose to configure your Windows Accounts with LDAP for special configurations, such as remote access without Kerberos.

  10. Check the Use SSL option if you want Laserfiche Server to connect to the LDAP server using SSL or TLS.
  11. In the LDAP account option, you will need to specify an LDAP username for an account with sufficient privileges to contact your LDAP server. This account will be used to connect to LDAP whenever the Laserfiche Server needs to check a user's credentials.
  12. Type the LDAP user's password in the Password option.
  13. Click OK to save your changes.
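
Both procedures require a base distinguished name in correct LDAP DN format, and that value decides which accounts can be added to the repository. The following Python sketch is an added example, not Laserfiche code: it parses a DN string and checks whether an account DN falls under a proposed base DN before you type it into the profile. The DNs are constructed samples; it assumes single-valued RDNs and case-insensitive comparison of attribute values.

```python
import re

# Attribute type: short name (cn, ou, dc) or numeric OID, per RFC 4514.
_ATTR = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)$")

def _split_unescaped(text, sep):
    """Split on sep, ignoring separators escaped with a backslash."""
    parts, buf, i = [], [], 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            buf.append(text[i:i + 2])   # keep the escape pair intact
            i += 2
            continue
        if ch == sep:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))
    return parts

def parse_dn(dn):
    """Return a DN as a list of normalized (attribute, value) pairs, leaf first."""
    rdns = []
    for rdn in _split_unescaped(dn.strip(), ","):
        attr, eq, value = rdn.partition("=")
        attr, value = attr.strip(), value.strip()
        if not eq or not _ATTR.match(attr) or not value:
            raise ValueError(f"malformed RDN {rdn.strip()!r} in {dn!r}")
        # Assumption: values compare case-insensitively (typical for dc/ou/cn).
        rdns.append((attr.lower(), value.lower()))
    return rdns

def is_under_base(account_dn, base_dn):
    """True if account_dn sits at or below base_dn in the directory tree."""
    account, base = parse_dn(account_dn), parse_dn(base_dn)
    return len(account) >= len(base) and account[len(account) - len(base):] == base

if __name__ == "__main__":
    base = "ou=Staff,dc=example,dc=com"            # constructed sample base DN
    for dn in ("cn=Smith\\, Jane,ou=Staff,dc=example,dc=com",
               "cn=svc-backup,ou=Vendors,dc=example,dc=com"):
        print(dn, "->", "in scope" if is_under_base(dn, base) else "out of scope")
```

A narrower base DN (an organizational unit rather than the directory root) keeps accounts outside that subtree from being eligible for the repository.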