Add an LDAP Server
- Open District Options, click Edit adjacent to LDAP Servers, and then click Add Server.
- Next to User-Defined Display Name, enter the name (up to 80 characters) that you want to appear on the LDAP Setup page and the LDAP Mappings page.
For details, see Map patrons to LDAP servers.
- Next to Host Name / IP, enter the server name or IP address of your LDAP server.
If your Patron Types require different DNs for authentication, you may need to set up the same server more than once, specifying the correct DN for each.
- If you are not using the default port number, enter the port number through which you will be connecting.
The default port number is 389 for regular communication (not using SSL) or 636 for encrypted communication (using SSL).
Note: Destiny® supports unencrypted and SSL connections only. It does not support SASL.
- Next to Distinguished Name, specify the bind DN to use when connecting to the LDAP server.
Each component of the DN consists of an attribute that names the object, an equals sign, and the value of the attribute. Components are connected by commas.
Destiny® allows you to use pre-defined tokens to replace the value of an attribute. When a patron attempts to log in, the token is replaced with the appropriate value, taken from the patron or site record in Destiny.
The acceptable token values are defined in the token table, below.
- Next to Authentication, select either Unencrypted or SSL.
- Click Save when you are done.
To support SSL for LDAP, you must provide Destiny with a public encryption key (digital certificate). Destiny includes a certificate management utility called keytool that helps you update the cacerts keystore and add your root CA certificate.
Notes
If the bind does not authenticate the patron's password, an error message appears, indicating the failure of the login. The login page then reappears.
If the Destiny patron record contains a password, an LDAP bind is not initiated; the user must log in using that password.
In LDAP, all names are case sensitive and spaces are significant.
| Token | Destiny value | Taken from |
| --- | --- | --- |
| ${USERNAME} | User (login) Name | patron record |
| ${SITENAME} | Site Name | Edit Site page |
| ${SHORTSITENAME} | Short Name | Edit Site page |
| ${PATRONTYPE} | patron type, text version (example: Faculty) | patron record |
| ${ACCESSLEVEL} | access level, text version (example: Administrator) | patron record |
| ${DISTRICTID} | District ID | patron record |
| ${UD1} | User Defined 1 | patron record |
| ${UD2} | User Defined 2 | patron record |
| ${UD3} | User Defined 3 | patron record |
| ${UD4} | User Defined 4 | patron record |
| ${UD5} | User Defined 5 | patron record |
| ${SIFREFID} | SIF RefId (example: "{132313123-1231-1312-12312312}") | patronid from SIFRefids sr where sr.patronid = p.patronid |
Examples
For Active Directory users:
${USERNAME}@myschool.edu
For other directories:
uid=davesmith, o=Users, dc=d15, dc=org
uid=${USERNAME}, ou=${PATRONTYPE}, ou=people, dc=myschool, dc=edu
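The token substitution the table describes, as an added example in Python that is not Destiny's own code: it expands a bind DN template from a constructed patron record, escapes values that contain DN-special characters (RFC 4514) so that a value such as a username containing a comma cannot change the structure of the DN, rejects tokens the table does not define, and applies the 389/636 port defaults from the steps above. The token names and the sample DNs are the page's; the record dictionary, function names and the escaping routine are assumptions.

```python
import re

# Tokens defined in the table above; each is replaced from the patron or
# site record when the patron attempts to log in.
TOKENS = {"USERNAME", "SITENAME", "SHORTSITENAME", "PATRONTYPE", "ACCESSLEVEL",
          "DISTRICTID", "UD1", "UD2", "UD3", "UD4", "UD5", "SIFREFID"}

_TOKEN_RE = re.compile(r"\$\{([A-Z0-9]+)\}")


def escape_dn_value(value: str) -> str:
    """Escape one attribute value for use inside a DN (RFC 4514 rules).

    Commas, plus signs, quotes, backslashes, <, > and ; are escaped anywhere,
    '#' only at the start, and spaces only at the start or end (spaces are
    significant in LDAP names). A record value can then never add or remove
    a DN component.
    """
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in ',+"\\<>;' or (ch == "#" and i == 0) or (ch == " " and i in (0, last)):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def expand_bind_dn(template: str, record: dict) -> str:
    """Replace ${TOKEN} placeholders in a bind DN template with record values.

    Raises KeyError for a token the table does not define, or one the record
    has no value for, instead of binding with a partially filled DN. Values
    are not case-folded: LDAP names are case sensitive.
    """
    def sub(match):
        name = match.group(1)
        if name not in TOKENS:
            raise KeyError(f"unknown token ${{{name}}}")
        return escape_dn_value(record[name])
    return _TOKEN_RE.sub(sub, template)


def ldap_port(use_ssl: bool, port=None) -> int:
    """Return the configured port, or the defaults: 389 unencrypted, 636 SSL."""
    return port if port is not None else (636 if use_ssl else 389)


if __name__ == "__main__":
    # Constructed patron record, not data from any real Destiny install.
    patron = {"USERNAME": "davesmith", "PATRONTYPE": "Faculty"}
    print(expand_bind_dn("uid=${USERNAME}, ou=${PATRONTYPE}, ou=people, dc=myschool, dc=edu", patron))
    print(expand_bind_dn("${USERNAME}@myschool.edu", patron), ldap_port(True))
```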