Support for external authentication via non-Microsoft LDAP servers

  • KM03130381
  • 26-Mar-2018
  • 09-Oct-2019

Summary

Support for external authentication via non-Microsoft LDAP servers

Question

Support for external authentication via non-Microsoft LDAP servers

Answer

Problem

User is unable to access ALM via external authentication other than Microsoft LDAP

Cause

Previous versions of ALM supported only Microsoft LDAP (Active Directory). To decide whether an account is active, ALM reads "userAccountControl", a Microsoft-specific LDAP attribute that other LDAP products do not commonly provide, so validation against those directories fails.

Fix

To support different LDAP servers, add the following site parameters:

EXTERNAL_VALIDATE_ATTR_IN_LDAP: The LDAP attribute ALM reads to validate the user; choose it according to your LDAP server's schema.

EXTERNAL_VALIDATE_ATTR_TRUE_VALUE: The value of that attribute that marks the user as active in ALM (for example, 'TRUE').

If EXTERNAL_VALIDATE_ATTR_IN_LDAP is not set, ALM uses the "userAccountControl" attribute.

If EXTERNAL_VALIDATE_ATTR_IN_LDAP is set, ALM reads this attribute from the user's LDAP entry and compares its actual value with EXTERNAL_VALIDATE_ATTR_TRUE_VALUE: if the two values match, authentication succeeds; otherwise it fails.
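The following is an added model of the validation logic described above, not ALM's own code. It assumes the comparison is an exact, case-sensitive string match, that a missing attribute or unset true-value fails validation, and that the default userAccountControl check tests Active Directory's ACCOUNTDISABLE bit (0x2); the attribute name accountStatus and the sample entries are constructed.

```python
from typing import Dict, Optional

# Active Directory userAccountControl flag meaning "account disabled".
# Assumption: this is the bit ALM tests in its default mode.
ACCOUNTDISABLE = 0x0002


def is_user_active(entry: Dict[str, str], site_params: Dict[str, Optional[str]]) -> bool:
    """Return True if ALM should accept this LDAP entry as an active user."""
    attr = site_params.get("EXTERNAL_VALIDATE_ATTR_IN_LDAP")
    if not attr:
        # Parameter unset: fall back to the Microsoft-specific attribute.
        raw = entry.get("userAccountControl")
        if raw is None:
            return False  # non-Microsoft directory: attribute absent, user rejected
        return int(raw) & ACCOUNTDISABLE == 0
    expected = site_params.get("EXTERNAL_VALIDATE_ATTR_TRUE_VALUE")
    actual = entry.get(attr)
    if expected is None or actual is None:
        return False  # nothing to compare: fail closed
    return actual == expected  # assumption: exact, case-sensitive match


# Constructed sample entries: an enabled and a disabled AD user, and two users
# from a hypothetical non-Microsoft directory that uses an accountStatus attribute.
AD_ACTIVE = {"sAMAccountName": "alice", "userAccountControl": "512"}
AD_DISABLED = {"sAMAccountName": "bob", "userAccountControl": "514"}
LDAP_ACTIVE = {"uid": "carol", "accountStatus": "TRUE"}
LDAP_INACTIVE = {"uid": "dave", "accountStatus": "FALSE"}

DEFAULT_PARAMS: Dict[str, Optional[str]] = {}  # neither site parameter set
CUSTOM_PARAMS: Dict[str, Optional[str]] = {
    "EXTERNAL_VALIDATE_ATTR_IN_LDAP": "accountStatus",
    "EXTERNAL_VALIDATE_ATTR_TRUE_VALUE": "TRUE",
}

if __name__ == "__main__":
    for entry in (AD_ACTIVE, AD_DISABLED, LDAP_ACTIVE, LDAP_INACTIVE):
        name = entry.get("sAMAccountName") or entry.get("uid")
        print(name, "default:", is_user_active(entry, DEFAULT_PARAMS),
              "custom:", is_user_active(entry, CUSTOM_PARAMS))
```

Run with no parameters set, carol is rejected even though her account is active, which is the symptom in the Problem section; with both parameters set she is accepted and dave is not.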