How to integrate Active Directory (AD)/LDAP authentication in uKnowva


If you have an internal Active Directory, you may want to use the same username and password to log in to uKnowva as well. This is possible using the LDAP SSO plugin. Just follow the steps below:

1. Log in as admin

2. Go to uKnowva Configuration --> Plugin manager --> LDAP / AD Authentication (Single Signon)


4. Set up the required details


The settings shown on this screen are described in detail below:

1. Debug Mode: Switch on debug mode if you want to check whether LDAP connectivity, user retrieval, etc. are working. All events are logged and displayed on the users' screens while this mode is ON.

2. Disable User Creation: If set to Yes, users are never created in uKnowva through this plugin; they are only authenticated through it. If set to No, a user who is authenticated via LDAP but does not exist in uKnowva is created automatically.

3. Host: For example, openldap.mycompany.org

4. Port: The default port is 389

5. LDAP V3: The default is LDAPv2, but the latest versions of OpenLDAP require clients to use LDAPv3.

6. Negotiate TLS: Negotiate TLS encryption with the LDAP server. This requires all traffic to and from your LDAP server to be encrypted.

7. Follow Referrals: This option sets the value of the LDAP_OPT_REFERRALS flag. You will need to set it to No for Windows 2003 servers.

8. Authorisation Method: The authorisation method used to validate the credentials

9. Base DN: The base DN of your LDAP server, e.g. o=mydomain.com

10. Search String: A query string used to search for a given user. The [search] keyword is dynamically replaced by the login the user provides. An example string is: uid=[search]. Several strings can be used, separated by semicolons. Only used when searching.

11. User's DN: The [username] keyword is dynamically replaced by the login the user provides. An example string is: uid=[username], dc=my-domain, dc=com. Several strings can be used, separated by semicolons. Only used for direct binds.

12. Connect Username: The Connect Username and Connect Password define the connection parameters for the DN lookup phase. Two options are available:
   - Anonymous DN lookup: leave both fields blank.
   - Administrative connection: Connect Username is the username of an administrative account, for example Administrator. Connect Password is the actual password of your administrative account.

13. Connect Password: The Connect Password is the password of an administrative account. This is used in the Authenticate then Bind and Authenticated Compare authorisation methods.

14. Map: Full Name: LDAP attribute which contains the user's full name

15. Map: email: LDAP attribute which contains the user's email address

16. Map: User ID: LDAP attribute which contains the user's login ID. For Active Directory this is sAMAccountName

17. MAP: Designation: LDAP attribute which contains the user's designation

18. Additional Profile info: Add the Profile FIELD_KEY and the LDAP mapping key accordingly

19. Update profile on every login: Whether to update all the above profile fields every time the user logs in. If set to Yes, the user's profile is updated from the LDAP connection on every login.

20. Allowed Users (Optional): If you want to authenticate only a certain set of users using LDAP, enter a comma-separated list of usernames here
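The Search String and User's DN settings above both substitute the login the user types into an LDAP expression. The following is an added example, not uKnowva plugin code, showing how such templates can be expanded with the login escaped for its context (RFC 4515 for filters, RFC 4514 for DNs). The function names, the parentheses wrapped around each filter, and the sample logins are assumptions made for the illustration.

```python
# Added illustration (not uKnowva plugin code): expanding the "Search String"
# and "User's DN" templates with the login escaped for the place it lands in.

def escape_filter_value(value: str) -> str:
    """Escape a value placed inside an LDAP search filter (RFC 4515)."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)


def escape_dn_value(value: str) -> str:
    """Escape a value placed inside a distinguished name (RFC 4514)."""
    out = []
    for i, ch in enumerate(value):
        if ch in '"+,;<>\\=':
            out.append("\\" + ch)
        elif ch == "\0":
            out.append("\\00")
        elif ch == "#" and i == 0:                      # leading '#'
            out.append("\\#")
        elif ch == " " and i in (0, len(value) - 1):    # leading/trailing space
            out.append("\\ ")
        else:
            out.append(ch)
    return "".join(out)


def _expand(templates: str, keyword: str, value: str) -> list[str]:
    # Split on semicolons before substituting, so a ';' typed into the login
    # field cannot add an extra template to the list.
    return [t.strip().replace(keyword, value)
            for t in templates.split(";") if t.strip()]


def expand_search_string(templates: str, login: str) -> list[str]:
    # Assumption: each expanded string is wrapped in parentheses to form a filter.
    return [f"({f})" for f in _expand(templates, "[search]", escape_filter_value(login))]


def expand_user_dn(templates: str, login: str) -> list[str]:
    return _expand(templates, "[username]", escape_dn_value(login))


if __name__ == "__main__":
    # Constructed sample logins, not taken from a real directory.
    for login in ("jdoe", "jd*", "j(doe)", "doe, john"):
        print(repr(login))
        print("  filters:", expand_search_string("uid=[search]; sAMAccountName=[search]", login))
        print("  bind DNs:", expand_user_dn("uid=[username], dc=my-domain, dc=com", login))
```

With escaping in place, a login such as `jd*` is matched as a literal string rather than as a wildcard, and a comma in the login cannot change the structure of the bind DN.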

For more support you can write on https://forums.uknowva.com.