This guide will walk through the configuration of SeedDMS 6.x to use LDAP for authentication.
This guide follows on from Installing SeedDMS 6.x on FreeBSD 12 and only covers configuring SeedDMS to use an already existing LDAP server.
Configuration of LDAP is done at the command line; it is not accessible via the web UI.
With SeedDMS installed in /usr/local/www/seeddms, change to it by using
cd /usr/local/www/seeddms
Using the vi editor, open the settings.xml file kept in the conf directory
vi conf/settings.xml
<connectors>
<!-- ***** CONNECTOR LDAP *****
- enable: enable/disable connector
- type: type of connector ldap / AD
- host: hostname of the authentification server
- URIs are supported, e.g.: ldaps://ldap.host.com
- port: port of the authentification server
- baseDN: top level of the LDAP directory tree
- bindDN: use this dn for a first step bind, leave empty for annonymous bind
- bindPw: use this password for a first step bind
- filter: Additional filters which are to be checked
-->
<connector enable="false" type="ldap" host="ldaps://ldap.host.com" port="389" baseDN="" bindDN="" bindPw="" filter=""/>
The line
<connector enable="false" type="ldap" host="ldaps://ldap.host.com" port="389" baseDN="" bindDN="" bindPw="" filter=""/>
needs to be updated with the correct details.
Change enable="false" to read enable="true". This will turn on the connector.
Leave the type value alone, as it already has the value we want, that of ldap.
Set the host value to a URI such as ldaps://ldap.domain.com. This is the preferred way, plus it also means you can leave the port field blank.
Set the baseDN value to the OU that contains your users, such as ou=Users,dc=domain,dc=com. I have my users in this level of OU; I've not experimented with multiple OUs nor subtrees yet.
Leave bindDN and bindPw blank.
Leave filter blank for now, but plan for it to be used in the future by narrowing down users based on, say, group membership or account type, etc.
Use :wq to save the file and return to the command line.
Only after a successful login will that account become available for such things as permissioning in the folder structure and other SeedDMS rights and group assignments.
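A small check for the edited connector line, added here as an example (it is not part of the original guide or of SeedDMS): it parses settings.xml and reports values that differ from what the steps above configure. The function name, the sample XML and the wording of the findings are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the connector as it looks after the edits in this guide.
SAMPLE = """<connectors>
  <connector enable="true" type="ldap" host="ldaps://ldap.domain.com" port=""
             baseDN="ou=Users,dc=domain,dc=com" bindDN="" bindPw="" filter=""/>
</connectors>"""

def check_ldap_connectors(xml_text):
    """Return (level, message) findings for every type="ldap" connector."""
    root = ET.fromstring(xml_text)
    # iter() also finds the element when the whole settings.xml is passed in.
    connectors = [c for c in root.iter("connector")
                  if c.get("type", "").lower() == "ldap"]
    if not connectors:
        return [("error", 'no connector with type="ldap" found')]
    findings = []
    for c in connectors:
        host = c.get("host", "").strip().lower()
        if c.get("enable", "").lower() != "true":
            findings.append(("error", 'connector is off: enable is not "true"'))
        if host.startswith("ldap://"):
            findings.append(("error", "host is ldap://, which is not wrapped "
                             "in TLS; the guide prefers ldaps://"))
        elif not host.startswith("ldaps://"):
            findings.append(("warn", "host is not an ldaps:// URI"))
        elif c.get("port", "").strip():
            findings.append(("warn", "port is set although host is a URI; "
                             "the guide leaves port blank"))
        if not c.get("baseDN", "").strip():
            findings.append(("error", "baseDN is empty; set it to the OU "
                             "that contains your users"))
        if c.get("bindDN", "").strip() and not c.get("bindPw", ""):
            findings.append(("warn", "bindDN is set but bindPw is empty"))
        if c.get("bindPw", ""):
            findings.append(("warn", "bindPw is stored in clear text; "
                             "restrict read access to settings.xml"))
    return findings

if __name__ == "__main__":
    import sys
    # Pass the path to conf/settings.xml, or run without arguments for SAMPLE.
    text = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for level, message in check_ldap_connectors(text):
        print(f"{level}: {message}")
```

Run against the unedited default line it reports the disabled connector, the port set next to a URI host, and the empty baseDN.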