External LDAP Authentication

You can use external LDAP server credentials to log on to the Control Panel.

Select System > Users > External LDAP Authentication to define these settings.

Note: The local admin user can always log on with their regular credentials even if the external LDAP server is inaccessible.

The following table displays example values for inputs on the External LDAP Authentication window, but you can consult your local network administrator for the appropriate values for your environment. The Group Search Base and Membership Search Filter inputs are optional; these inputs can be used to restrict which user accounts are able to log on to the Control Panel.

Table 1. Example Values for Integrating with Active Directory
Field	Example Value	Note
LDAP URL	ldap://w.x.y.z	Replace w.x.y.z with the IP or host name of your Active Directory server.
Admin User DN	CN=Administrator, CN=Users, DC=example, DC=local	Provide a valid DN.
Admin Password	password	Provide a valid password.
User Search Base	OU=Accounts,DC=example,DC=local	Replace as necessary.
User Search Filter	(&(objectCategory=person)(sAMAccountName=%u))	This should work as-is.
Group Search Base	CN=Control Panel Users,OU=Users,OU=Accounts,DC=example,DC=local	This field is optional, and it restricts logons to users in the Control Panel Users group.
Membership Search Filter	(&(objectclass=group)(member=%d))	This should be provided if a Group Search Base was provided. If so, this value should work as-is.
Verify Server Certificate	Checked or unchecked	This is optional, and toggles certificate-based verification the AD server.
Certificate Chain	A PEM-encoded certificate	Ask your AD administrator to obtain this certificate.

External LDAP Authentication

Recommendations

Map a User for LDAP Integrated Authentication

Set Up the LDAP Connection

LDAP Connection Error: "No user accounts were found"

LDAP Integrated Authentication