Introduction
This documentation explains how authentication via an LDAP directory works. In the ServiceNav application, this feature takes the form of one or more external connections.
It is possible to define one LDAP directory per company/site. Directory authentication, once activated, works in addition to local authentication.
Authentication on an LDAP directory requires communication between the ServiceNav monitoring platform and the LDAP directory; therefore, this functionality is not available on the ServiceNav SaaS platform.
Adding an external connection
To add a connection with an LDAP directory, go to the "Administration" section and then to the "Integrations" > "LDAP" menu.
Setting up the LDAP connection
LDAP server definition
1/ To activate authentication with an LDAP directory, select "Yes". Once "Yes" is selected, the different parameters appear.
2/ It is then necessary to configure the connection to the server hosting the LDAP directory.
- Domain: must correspond to the domain of the directory and will be used to create user accounts. The login will be of the following form: . It is not necessary to specify an FQDN (e.g. do not enter .lan).
- Enter the IP address or DNS name of the server.
- Enter the port on which the directory service listens.
- If you want to use a secure connection and the directory supports SSL, then choose the "Yes" option.
3/ This section lists the attributes of the user object in the LDAP directory. To find the matching attribute names for your directory, check its configuration. The default values are the most common ones.
4/ To connect to the directory, ServiceNav needs a user account with read rights. This account is used to search for users to add and to test the connection.
5/ This parameter allows you to filter the results contained in the directory. It is predefined to filter users with an email address. You can modify it if needed.
Example for managing groups: &(objectCategory=user)(sAMAccountName=*)(memberOf=cn=GG_SUPERVISION_SI,ou=groups,ou=Service-U,dc=,dc=lan)
6/ Enter the maximum waiting time allowed for the establishment of a connection with the directory.
7/ You can activate the "debug" mode to change the error output.
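To check which accounts a filter such as the group example in step 5 lets through before saving it, the following added sketch (not ServiceNav code) parses the filter and evaluates it against constructed directory entries. The `dc=example` component, the sample entries and the function names are assumptions; only equality and presence tests are handled, and `objectCategory` is stored as a short name for simplicity.

```python
GROUP = "cn=GG_SUPERVISION_SI,ou=groups,ou=Service-U,dc=example,dc=lan"  # dc=example: placeholder
FILTER = f"&(objectCategory=user)(sAMAccountName=*)(memberOf={GROUP})"
ENTRIES = [  # constructed sample entries: lower-case attribute name -> list of values
    {"samaccountname": ["alice"], "objectcategory": ["user"], "memberof": [GROUP.upper()]},
    {"samaccountname": ["bob"], "objectcategory": ["user"], "memberof": ["cn=GG_HR,ou=groups,dc=example,dc=lan"]},
    {"samaccountname": ["srv01$"], "objectcategory": ["computer"], "memberof": [GROUP]},
    {"samaccountname": ["carol"], "objectcategory": ["user"]},
]

def parse(text):
    """Parse a filter (RFC 4515 subset: &, |, !, equality, presence) into a tree."""
    text = text.strip()
    text = text if text.startswith("(") else f"({text})"  # page omits the outer parentheses
    node, end = _node(text, 0)
    if end != len(text):
        raise ValueError("trailing data after filter")
    return node

def _node(text, i):
    i += 1  # callers guarantee text[i] == "("
    if text[i:i + 1] in ("&", "|", "!"):
        op, i, kids = text[i], i + 1, []
        while text[i:i + 1] == "(":
            kid, i = _node(text, i)
            kids.append(kid)
        if not kids or (op == "!" and len(kids) != 1):
            raise ValueError(f"bad operand count for '{op}'")
        node = (op, kids)
    else:
        j = text.index(")", i)  # raises ValueError if the item is never closed
        attr, sep, value = text[i:j].partition("=")
        if not attr or not sep or ("*" in value and value != "*"):
            raise ValueError(f"unsupported item: {text[i:j]!r}")  # e.g. substring match
        node, i = ("=", attr.lower(), value.lower()), j
    if text[i:i + 1] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return node, i + 1

def matches(node, entry):
    if node[0] in ("&", "|"):
        return (all if node[0] == "&" else any)(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    values = [v.lower() for v in entry.get(node[1], [])]
    return bool(values) if node[2] == "*" else node[2] in values

def selected(filter_text, entries):
    tree = parse(filter_text)
    return [e["samaccountname"][0] for e in entries if matches(tree, e)]
```

In Active Directory, `memberOf` lists direct group memberships only, so a user who belongs to the group through a nested group is not matched by this filter.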
Test the connection
1/ Click on "Test connection" to check that the configuration is correct.
2/ Results of the different AD configuration checkpoints.
3/ Number of users retrieved during the connection test.
4/ Information on one of the retrieved users (login, name, first name and email). It is possible that the LDAP directory does not contain all of this data. In this case, there will be no result in the right column.