Connecting the LDAP directory service
The LDAP option provides an interface between the Product 360 - Media Manager system and an ADS server, to reduce the amount of administration work for users in the two systems and eliminate redundancy.
It is implemented in every module, which forwards login requests from Product 360 - Media Manager to a directory service, synchronizes the data in this service with the Product 360 - Media Manager system and ensures that access to and rights in Product 360 - Media Manager are in line with your requirements.
LDAP stands for Lightweight Directory Access Protocol and represents a method of mapping structured directories, e.g. for employees or customers. ADS from Microsoft stands for Active Directory Service and is an implementation of LDAP, which is very similar to LDAP but differs from it on certain points. ADS is mostly used in Windows networks with domains.
ADS and LDAP provide extremely versatile configuration options. As a result, it is not possible to make a general statement about what extensions are necessary for the interface to the LDAP module. Further information can be found in the license conditions.
Start the Administration module.
Select the menu System > System parameters and enable Activation of LDAP Login (If this optio was disables a restart is needed)
Select the menu ADS/LDAP > LDAP server settings to open the overview list of ADS/LDAP servers.
Click on to create a new ADS/LDAP server.
Adapt the following settings on the Master tab:
Under Designation you enter the designation of your choice for your server. The designation has no influence on the operation of the module or the directory service server.
Under Domain name you need to enter the name of your domain (e.g. mycompany.com).
Under Server addressame you need to enter the name (or the IP address) at which your directory service server can be contacted.
Under Server port you need to enter the port at which your directory service server can be contacted (default: 389).
Attribute of group assignments, default is memberOf
When you have finished entering your settings, click on Save.
Now you have to create the mapping between the Product 360 - Media Manager user groups and the ADS user groups:
Select the menu ADS/LDAP > LDAP group settings.to open the overview list for group assignments.
Create new group assignments, e.g. LDAP group: CN=companyname,OU=groups,OU=mycity,DC=mycompany,DC=com
Select the corresponding Product 360 - Media Manager user group.
Click on Save.
Advanced LDAP configuration
Available since 8.0.5.03, 8.0.6.01 and all 8.1.x versions
It is possible to define the LDAP server queries within the native Media Manager administration. This is necessary if the connected LDAP server do not accept the default settings used by the Media Manager.
Enter the LDAP filter queries here
userFilter |
LDPA filter to find the user based on the successful login with 'userBindDN'. E.g. (&(CN={userName},OU=yourOrg,DC=myDomain,DC=com)(objectClass=user)) |
userBindDN |
LDPA filter to authenticate against the LDPA server. E.g. CN={userName},OU=yourOrg,DC=myDomain,DC=com |
userFilterBaseDN |
LDPA filter to to limit the search with 'userFilter'. E.g. OU=yourOrg,DC=myDomain,DC=com |
All these filters could used with variables 'domain' and 'userName'. 'domain' gets replaced with the given domain and 'userName' gets replaced with the given login name.
To verify the LDAP filters are correct it is recommended to test the filter with an external LDAP browser. If the filters are working in these external tool it will work in Media Manager also.
All 3 filters have to be filled to activated the advanced LDAP mode. If just 1 field is not filled the simple mode is used.