LIVEACTION, INC. LDAP Configuration Guide CONFIGURATION LiveAction, Inc. 3500 Copyright WEST BAYSHORE 2016 LiveAction, ROAD Inc. All rights reserved. LiveAction, LiveNX, LiveUX, the LiveAction Logo and PALO LiveAction ALTO, CA Software 94303 are trademarks of LiveAction, Inc. Information subject to change without notice.
Summary Product and Version LiveAction 4.3.0 Affected Devices Document Name LiveAction LDAP Configuration Guide Updated Alex Cameron (April 2015) LDAP authentication allows users of LiveAction to take advantage of their LDAP server to create, manage, and authenticate users who gain access LiveAction. Configuring LDAP in LiveAction is a straightforward task, but it does require that users leverage information within their LDAP server to properly configure LDAP authentication in LiveAction. This guide can be used to assist users to properly configure LDAP authentication within LiveAction. Required LDAP Information for LiveAction There are several pieces of information that need to be gathered before LDAP can be configured properly: LDAP Server IP Address The name of the User being authenticated Password for the User name Bind DN information Base DN Attribute Mappings for Username & Full Name If you have any questions about this guide, or need any assistance in general please contact LiveAction support: support@liveaction.com 1-1 LDAP Configuration Guide
LDAP Server IP Address To receive the LDAP Server information you must either know, or find out the IP Address of the server from the LDAP system administrator. Bind DN Information The Bind DN information can be discovered by connecting to the LDAP server and opening the Active Directory Users and Computers window, right click on the user that is being authenticated against, and select Properties. Next, you will need to select the Attribute Editor tab and scroll down until discovering the distinguishedname. From here, you will copy the exact Value to be used in LiveAction for the Bind DN field. The one here is: CN=LiveAction,CN=Users,DC=liveaction,DC=qa,DC=com In some LDAP Server versions, the Attribute Editor is not available by default. You need to go to View and turn on the advanced options on the Server Manager! 1-2 LDAP Configuration Guide
Base DN Base DN s are important, as they are the containers in which you are allowing LiveAction to look for LDAP users. Similar to the Bind DN, the Base DN can be found by looking at the Attribute Editor. Instead of looking at the user, right click on the containing folder and select Properties. From within the Attribute Editor, you can see the Base DN information: CN=Users,DC=liveaction,DC=qa,DC=com From here, you can see the Base DN as the Attribute distinguishedname, and the Value is CN=Users,DC=liveaction,DC=qa,DC=com. This means that you are only giving the permission to look in those specific folders for users. If you wanted to look at all User folders for the sdfqa tree, then you could use DC=liveaction,DC=qa,DC=com as the Base DN. 1-3 LDAP Configuration Guide
Attribute Mappings Next, it is necessary to find the Attribute Mappings for Username & Full Name. To find this, you will need to look at LiveAction s properties and browse to the Attribute Editor tab. In the example below, search for samaccountname in the Attribute column, and in the Value column, we used LiveAction for its Username. After, scroll down to displayname for the Full Name. This part can be tricky and you may need to decide which Attribute you want to use for its Value. The example shown above is from using an earlier version of LDAP, and the Attribute may be different on newer versions. For example, instead of samaccountname the Attribute can be mapuserto for the Username. 1-4 LDAP Configuration Guide
Configuring LDAP in LiveAction With all the information that you have gathered in the previous steps, now it is time to configure LDAP in LiveAction. LDAP Server = 172.25.25.25 Username = LiveAction Password = Password Bind DN = CN=LiveAction,CN=Users,DC=liveaction,DC=qa,DC=com Base DN = DC=liveaction,DC=qa,DC=com Attribute Mappings Username = samaccountname and Full Name = displayname LDAP Authentication Settings To configure LDAP, begin by launching your LiveAction Client, select Users > User Management In the User Management window, select LDAP Authentication Settings: 1-5 LDAP Configuration Guide
Now, in the LDAP Authentication Settings window, you can fill out the fields with the information you collected from the LDAP Server/Administrator. Next, click on Certificate Manager and import the LDAP Certificate. Enter the Host/IP and then click on Search. After the certificate has been found, select Import and Close. 1-6 LDAP Configuration Guide
After filling out all the required fields, a LiveAction user can Test Connection Settings to verify the settings are correct. If the Bind DN: field is left blank and a user selects Test Connection Settings, another dialogue box appears, which allows a LiveAction user to manually enter the Username or the complete Bind DN field can be used. The user must enter the correct password or the test will fail. You will get the following LDAP Server Connection Test result, if the LDAP Server IP, Bind DN, and Password are correct: If you do not enter a Bind DN, you will receive the following results after Test Connection Settings: 1-7 LDAP Configuration Guide
Adding LDAP Users to LiveAction Now that you have completed the LDAP Authentication Settings, let s begin adding users. From the User Management window, click on Add. After clicking on Add, LiveAction should take a few moments to search the LDAP directory. If this process is instant, there may be some errors with the Base DN. The next window that should appear after searching for the LDAP directory, is the Add LDAP Users window. From here, you should see the Base DN(s) that you have created. When expanding the tree, you should see a list of users that can be added. 1-8 LDAP Configuration Guide
Modify LDAP Username in LiveAction It is possible to modify the LDAP username in LiveAction to something different. To do so, select Custom User from the Add LDAP User window. In the Create Custom User window, choose a username. Next, select the Role, and make sure to select LDAP Directory for the Authentication Directory. For the Authentication Method, select Map to Another LDAP Username. Copyright 2016 LiveAction, Inc. All rights reserved. LiveAction, LiveNX, LiveUX, the LiveAction Logo and LiveAction Software are trademarks of LiveAction, Inc. Information subject to change without notice.