You can enable individual users to log in with an LDAP-compatible directory (for example, Microsoft Active Directory) username and password instead of a separate Flow password, while other users continue to log in with credentials defined in Flow.

...

Setting

Comments

Host Name

The host name of your directory server. Examples:

  • activedir.example.com

  • ldap.example.com

Port

The port on which your directory server is listening. Examples:

  • 389

  • 10389

  • 636 (for secure/encrypted connections - LDAPS)

Use SSL

Likely not required - simply use port 636.

Use this option to turn on alternate SSL option settings in the connection. Be sure to use the matching port. The default port for LDAP with SSL is 636.

Timeout

The number of seconds to wait for a result from an LDAP request before timing out.

Search User DN and Password

The distinguished name (DN) of the user to bind as when performing user searches. This user only needs read/search privileges; it does not update the directory.

Example: cn=read-only-admin,dc=example,dc=com

These fields are not always required. They are not used when the user DN can be determined directly by concatenating the User Attribute, User RDN and Base DN. See the notes below this table of settings.

The saved password is not displayed.

Search Filter

The filter used when searching for users in the directory. Examples:

  • For LDAPv3: (objectClass=inetOrgPerson)

  • For AD: (objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)

Base DN

The root distinguished name (DN) to use when running queries against the directory server. Examples:

  • o=example,c=com

  • cn=users,dc=ad,dc=example,dc=com

  • For Microsoft Active Directory, specify the base DN in the format dc=domain1,dc=local.

    • Replace domain1 and local with the values for your own domain.

    • Microsoft Server provides a tool called ldp.exe which is useful for viewing and configuring the LDAP structure of your server.

User Attribute

The attribute of an LDAP user object that specifies the login name of the user. Examples:

  • cn

  • uid

  • sAMAccountName

Additional User RDN (multiple)

This value is used in addition to the base DN when searching for and loading users. If no value is supplied, the search uses the base DN alone. Example:

  • ou=Groups

You can define multiple User RDNs and give each a friendly name that is selected when setting up the user in the user module.

NOTE: the User RDN values should not include the Base DN at the end. The application appends the Base DN automatically, so providing it as part of the User RDN makes the final path incorrect. You may see the following error in the Error Report:

System.DirectoryServices.DirectoryServicesCOMException (0x80072020): An operations error occurred.

...

Example of a tracing audit log. In this example the User RDN had the Base DN appended; once it was removed, the user login test succeeded. Look at line 4 of the log and note the repeated suffix at the end of the OU path:
OU=MYTV,DC=ad,DC=example,DC=net,DC=example,DC=net

2022-01-28 5:32:48 AM	SYS	admin	LDAP: IsUserValid: NO - failed finding ldap user via login search.
2022-01-28 5:32:48 AM	SYS	admin	LDAP: FIND USER DN: Error Message: An operations error occurred.
2022-01-28 5:32:48 AM	SYS	admin	LDAP: FIND USER DN: Search Filter: (&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(sAMAccountName=167777))
2022-01-28 5:32:48 AM	SYS	admin	LDAP: FIND USER DN: Connection: LDAP://10.10.10.10:389/OU=Users,OU=MYTV,DC=ad,DC=example,DC=net,DC=example,DC=net Username: CN=MYTV BE Service Account,OU=Admins,OU=MYTV,DC=ad,DC=example,DC=net
2022-01-28 5:32:48 AM	SYS	admin	LDAP: FIND USER DN: Host: 10.10.10.10 Port: 389
2022-01-28 5:32:48 AM	SYS	admin	LDAP: FIND USER DN: 167777 RDN: OU=Users,OU=MYTV,DC=ad,DC=example,DC=net
2022-01-28 5:32:48 AM	SYS	admin	LDAP: FIND USER DN: We need to find the users distinguishedName (DN) that we can use to verify the password.
2022-01-28 5:32:48 AM	SYS	admin	LDAP: IsUserValid: Host: 10.10.10.10 Port: 389
2022-01-28 5:32:48 AM	SYS	admin	LDAP: IsUserValid: Login: 167777 RDN: OU=Users,OU=MYTV,DC=ad,DC=example,DC=net
2022-01-28 5:32:48 AM	SYS	admin	=========== LDAP TEST USER LOGIN ============
2022-01-28 5:32:18 AM	SYS	admin	LDAP: IsUserValid: YES
2022-01-28 5:32:18 AM	SYS	admin	LDAP: IsUserValid: Attempt to connect to Host: 10.10.10.10 Port: 389 with the user DN and pwd
2022-01-28 5:32:18 AM	SYS	admin	LDAP: IsUserValid: DN: CN=MYTV BE Service Account,OU=Admins,OU=MYTV,DC=ad,DC=example,DC=net
2022-01-28 5:32:18 AM	SYS	admin	LDAP: IsUserValid: Check if this user and password is valid.
2022-01-28 5:32:17 AM	SYS	admin	=========== LDAP TEST SEARCH USER ============
2022-01-28 5:32:12 AM	SYS	admin	LDAP: Test Connection: FAILED! Message: An operations error occurred.
2022-01-28 5:32:12 AM	SYS	admin	LDAP: Test Connection: LDAP://10.10.10.10:389/DC=example,DC=net
2022-01-28 5:32:12 AM	SYS	admin	LDAP: Test Connection: Host: 10.10.10.10 Port: 389 BaseDN: DC=example,DC=net
2022-01-28 5:32:12 AM	SYS	admin	=========== LDAP TEST CONNECTION ============
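The note above describes how the application assembles the search base (User RDN with the Base DN appended) and the audit log shows the resulting search filter (configured filter ANDed with the User Attribute clause). The following is an added example, not code from Flow or from this page, that mirrors that description in plain Python: it builds the search base, the direct-bind DN for the "directly determined" case, and the login filter with RFC 4515 escaping of the login name, and it flags the doubled-Base-DN misconfiguration both in the settings and in a "FIND USER DN: Connection:" audit line. All function names are this example's own; the sample settings and log line are constructed from the values shown in the audit log above (Base DN DC=example,DC=net).

```python
"""Added example (not part of the original documentation or the Flow product):
how Base DN, User RDN and User Attribute combine into a search base, a bind DN
and a search filter, and how to catch the doubled Base DN misconfiguration."""
import re

# Constructed sample settings, modelled on the audit log above.
BASE_DN = "DC=example,DC=net"
GOOD_RDN = "OU=Users,OU=MYTV,DC=ad"                  # Base DN left off, as the note requires
BAD_RDN = "OU=Users,OU=MYTV,DC=ad,DC=example,DC=net"  # Base DN wrongly included
USER_ATTR = "sAMAccountName"
SEARCH_FILTER = "(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)"

# RFC 4515: characters in a filter value that would otherwise change the filter's structure.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def split_dn(dn):
    """Split a DN into its components, normalised for a case-insensitive comparison."""
    return [part.strip().lower() for part in dn.split(",") if part.strip()]


def rdn_includes_base(rdn, base_dn):
    """True when the configured User RDN already ends with the Base DN (the mistake in the note)."""
    rdn_parts, base_parts = split_dn(rdn), split_dn(base_dn)
    return len(rdn_parts) >= len(base_parts) and rdn_parts[-len(base_parts):] == base_parts


def search_base(rdn, base_dn):
    """Search base as the note describes it: User RDN first, Base DN appended; empty RDN means Base DN only."""
    if rdn_includes_base(rdn, base_dn):
        raise ValueError("User RDN must not include the Base DN; the application appends it automatically")
    return f"{rdn},{base_dn}" if rdn else base_dn


def escape_filter_value(value):
    """Escape a value before placing it inside an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(c, c) for c in value)


def login_filter(search_filter, user_attr, login):
    """AND the configured filter with the login-name clause, matching the 'Search Filter:' audit line."""
    return f"(&{search_filter}({user_attr}={escape_filter_value(login)}))"


def escape_dn_value(value):
    """RFC 4514 escaping for an attribute value that becomes part of a DN."""
    escaped = "".join("\\" + c if c in ',+"\\<>;' else c for c in value)
    if escaped.startswith(("#", " ")):
        escaped = "\\" + escaped
    if escaped.endswith(" "):
        escaped = escaped[:-1] + "\\ "
    return escaped


def direct_user_dn(user_attr, login, rdn, base_dn):
    """User DN for the case where no search user is needed: attribute=login under the search base."""
    return f"{user_attr}={escape_dn_value(login)},{search_base(rdn, base_dn)}"


# Constructed audit line with the same shape as the 'FIND USER DN: Connection:' line above.
SAMPLE_AUDIT_LINE = (
    "2022-01-28 5:32:48 AM\tSYS\tadmin\tLDAP: FIND USER DN: Connection: "
    "LDAP://10.10.10.10:389/OU=Users,OU=MYTV,DC=ad,DC=example,DC=net,DC=example,DC=net "
    "Username: CN=MYTV BE Service Account,OU=Admins,OU=MYTV,DC=ad,DC=example,DC=net"
)
_CONN_RE = re.compile(r"Connection: LDAP://[^/]+/(?P<base>\S+) Username:")


def doubled_suffix_in_audit_line(line, base_dn):
    """True if the search base in a 'Connection:' audit line ends with the Base DN twice."""
    match = _CONN_RE.search(line)
    if not match:
        return False
    parts, base = split_dn(match.group("base")), split_dn(base_dn)
    n = len(base)
    return len(parts) >= 2 * n and parts[-n:] == base and parts[-2 * n:-n] == base


if __name__ == "__main__":
    print(search_base(GOOD_RDN, BASE_DN))
    print(login_filter(SEARCH_FILTER, USER_ATTR, "167777"))
    print("RDN misconfigured:", rdn_includes_base(BAD_RDN, BASE_DN))
    print("audit line shows doubled Base DN:", doubled_suffix_in_audit_line(SAMPLE_AUDIT_LINE, BASE_DN))
```

Running the checks before the "Test User Login" step gives a clearer message than the generic "An operations error occurred" shown in the log; the filter escaping matters because the login name entered on the sign-in form is user-controlled and must not be able to alter the configured filter.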

...