Please use the form below to provide your feedback. Because your feedback is valuable to us, the information you submit in this form is recorded in our issue tracking system (JIRA), which is publicly available. You can track the status of your feedback using the ticket number displayed in the dialog once you submit the form.

Configure LDAP

      +
      Enterprise Analytics can be configured to authenticate the user by means of an LDAP server; and to recognize the LDAP groups of which the user is a member.

      GET /settings/ldap

      Description

      Returns information about the ldap settings as JSON object.

      Example

      curl -v -u Administrator:password \
http://localhost:8091/settings/ldap
{
  "authenticationEnabled": false,
  "authorizationEnabled": false,
  "bindDN": "",
  "bindPass": "",
  "cacheValueLifetime": 300000,
  "encryption": "None",
  "failOnMaxDepth": false,
  "hosts": [],
  "maxCacheSize": 10000,
  "maxGroupCacheSize": 1000,
  "maxParallelConnections": 100,
  "middleboxCompMode": true,
  "nestedGroupsEnabled": false,
  "nestedGroupsMaxDepth": 10,
  "port": 389,
  "requestTimeout": 5000,
  "serverCertValidation": true,
  "userDNMapping": "None"
}

      POST /settings/ldap

      Description

      This command establishes an LDAP server to provide authentication-support for Enterprise Analytics.

      Syntax:

       curl -X POST -u <administrator>:<password>
    http://<host>:<port>/settings/ldap
    -d args
    .
    .

      Example

      curl -v -X POST -u Administrator:password \
http://localhost:8091/settings/ldap \
-d hosts=172.23.124.25 \
-d port=389 \
-d encryption=StartTLSExtension \
-d serverCertValidation=true \
--data-urlencode cacert@/path/to/cert \
-d bindDN='cn=admin,dc=example,dc=com' \
-d bindPass=password \
-d authenticationEnabled=true \
--data-urlencode userDNMapping='{"template":"uid=%u,ou=users,dc=example,dc=com"}' \
-d authorizationEnabled=true \
--data-urlencode groupsQuery='ou=groups,dc=example,dc=com??one?(member=%D)'
      Table 1. Controller parameters
      Parameter Description

      authenticationEnabled

      Enables using LDAP to authenticate users. true enables, false disables.

      authorizationEnabled

      Enables using of LDAP groups for authorization. true enables, false disables.

      hosts

      Comma-separated list of LDAP hosts.

      port

      LDAP port

      encryption

      Encryption method to communicate with LDAP servers. Can be StartTLSExtension, TLS, or false.

      maxParallelConnections

      Maximum number of parallel connections that can be established with LDAP servers.

      middleboxCompMode

      Whether networking TLS middlebox compatibility is on or off. Defaults to true which enables middlebox compatibility. See Advanced Settings on the Configure LDAP page for more information about this setting.

      serverCertValidation

      Whether server certificate validation be enabled: true enables, false disables.

      cacert

      Certificate in PEM format to be used in LDAP server certificate validation, if serverCertValidation is true.

      maxCacheSize

      Maximum number of requests that can be cached: defaults to 10000.

      requestTimeout

      The timeout for LDAP requests, in milliseconds.

      userDNMapping

      Controls how Enterprise Analytics maps usernames supplied by authentication attempts to LDAP Distinguished Names (DN). The value contains a JSON object with one of three keys: template, query, or advanced.

      • template: the value for this key must contain a template that directly maps the username to a DN.

      • query: the value for this key must contain an LDAP query to search for the user.

      • advanced: the value for this key contains an array of JSON objects. Each object has a key that defines a regular expression for Enterprise Analytics to match against the username, and a replacement string that formats a DN template or LDAP query.

      For more information, see User Authentication Enablement.

      bindDN

      DN to use for searching users and groups synchronization.

      bindPass

      Password for bindDN user.

      groupsQuery

      LDAP query, to get the users' groups by username in RFC4516 format. The %u and %D placeholders can be used, for username and user’s DN respectively. If attribute is present in the query, the list of attribute values in the search result is considered as list of user’s groups (single entry result is expected): for example: '%D?memberOf?base'.

      If the attribute is not present in the query, every returned entry is considered a group: for example, 'ou=groups,dc=example,dc=com??one?(member=%D)'

      nestedGroupsEnabled

      If enabled Enterprise Analytics will try to recursively search for groups for every discovered ldap group. groupsQuery will be user for the search.

      nestedGroupsMaxDepth

      Maximum number of recursive groups requests the server is allowed to perform. This option is only valid when nested groups are enabled. Value must be an integer between 1 and 100: the default is 10.

      cacheValueLifetime

      Lifetime of values in cache in milliseconds. Default 300000 ms.

      clientTLSCert

      A certificate to be used by Enterprise Analytics as a client, in authentication with LDAP.

      clientTLSKey

      The private key that corresponds to Enterprise Analytics’s client certificate, for use in authentication with LDAP.