LDAP configuration

Connection

Authentication Type

  • Negotiate: The client is authenticated by using either Kerberos or NTLM. When the user name and password are not provided, the Account Management API binds to the object by using the security context of the calling thread, which is either the security context of the user account under which the application is running or of the client user account that the calling thread represents.
  • SimpleBind: The client is authenticated by using Basic authentication.
  • SecureSocketLayer: The channel is encrypted by using the Secure Sockets Layer (SSL). Active Directory requires that the Certificate Services be installed to support SSL.
  • Signing: The integrity of the data is verified. This flag can only be used with the Negotiate context option and is not available with the simple bind option.
  • Sealing: The data is encrypted by using Kerberos.
  • ServerBind: Specify this flag when you use the domain context type if the application is binding to a specific server name.

Check Expired

Checks whether the user account's expiration date has passed. If it has, the user shouldn't pass.

Check Disabled

Checks whether the user account is flagged as enabled or disabled on the LDAP server. When the account is disabled, the user shouldn't pass.
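
How the two checks above can be evaluated against Active Directory, as an added example that is not this product's own code. It assumes the checks read the standard AD attributes userAccountControl and accountExpires; the function names and the sample entries are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# accountExpires is a FILETIME: 100-ns ticks since 1601-01-01 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
NEVER_EXPIRES = {0, 0x7FFFFFFFFFFFFFFF}  # both values mean "no expiration"
UF_ACCOUNTDISABLE = 0x0002               # ACCOUNTDISABLE bit of userAccountControl

# Constructed sample entries (attribute values arrive as strings over LDAP).
SAMPLE_ENTRIES = {
    "alice": {"userAccountControl": "512", "accountExpires": "9223372036854775807"},
    "bob":   {"userAccountControl": "514", "accountExpires": "0"},
    "carol": {"userAccountControl": "512", "accountExpires": "133485408000000000"},
    "dave":  {"accountExpires": "0"},  # userAccountControl not returned
}


def is_disabled(user_account_control):
    """True when the ACCOUNTDISABLE bit is set."""
    return bool(int(user_account_control) & UF_ACCOUNTDISABLE)


def is_expired(account_expires, now=None):
    """True when the FILETIME expiration instant is at or before 'now'."""
    ticks = int(account_expires)
    if ticks in NEVER_EXPIRES:
        return False
    now = now or datetime.now(timezone.utc)
    try:
        expires_at = FILETIME_EPOCH + timedelta(microseconds=ticks // 10)
    except OverflowError:
        return False  # later than datetime can represent: far future
    return now >= expires_at


def may_pass(entry, check_expired=True, check_disabled=True, now=None):
    """Apply the enabled checks to one entry; return (allowed, reason)."""
    if check_disabled:
        uac = entry.get("userAccountControl")
        if uac is None:
            # Fail closed: without the attribute the flag cannot be verified.
            return False, "userAccountControl missing"
        if is_disabled(uac):
            return False, "disabled"
    if check_expired and is_expired(entry.get("accountExpires", "0"), now):
        return False, "expired"
    return True, "ok"
```

The constructed value for carol decodes to 2024-01-01 00:00 UTC, so the result for that entry depends on the time passed as now.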

Info data

An admin can load data from Active Directory by mapping specific AD attributes (givenNames etc.) to info fields. Once all attributes are filled in, the data must be synchronized with LDAP (Users -> LDAP button).