LDAP Accounts

SupportPal currently supports LDAP v2, also known as "simple bind", as an additional method of authentication for operators.

Configuration

By default, LDAP is disabled and hidden from the system settings. To enable LDAP authentication for operators, enable it via the User General Settings. To begin configuring LDAP accounts, click the "Add LDAP Account" link.

LDAP Account

Setting Name: Description
LDAP Server: The server hostname. Alternatively, you can specify the full LDAP URI. For example, ldaps://ldap.server:1234/ will connect via SSL to port 1234.
LDAP Username: The username that the operator will use to log in to the help desk (their LDAP username).
LDAP RDN or DN: The distinguished name for the LDAP username, for example: cn=Sample User,ou=people,dc=example,dc=com

Operator Details

Each LDAP account must be associated with a help desk operator account in order to inherit, and configure, operator settings. Here you can associate the LDAP account with an existing operator account or create a new operator account.

Basic Usage

Operators with an associated LDAP account can log in using their LDAP account username and password.

Common Issues

ldap_bind(): Unable to bind to server: Can't contact LDAP server

Description
Possible Cause: Self-signed SSL certificate (ldaps://my.server/)
Resolution:
Windows:
  1. Create the following directory: "C:\OpenLDAP\sysconf"
  2. In "C:\OpenLDAP\sysconf" create a file called "ldap.conf"
  3. Add "TLS_REQCERT never" (without quotes) at the end of the file
  4. Restart your web server.
Ubuntu:
  1. Navigate to "/etc/ldap/"
  2. Open the file "ldap.conf"
  3. Add "TLS_REQCERT never" (without quotes) at the end of the file
  4. Restart your web server.
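
A check for the setting used in the resolution above, as an added example that is not SupportPal code: `TLS_REQCERT never` makes the OpenLDAP client skip certificate verification on ldaps:// binds, and this script reports that state for a given ldap.conf. The function names, the sample files and the certificate path are constructed for illustration.

```shell
#!/bin/sh
# Added example, not SupportPal code: classify an OpenLDAP client ldap.conf
# by whether the server certificate is still verified on ldaps:// binds.

# Print the effective value of option $2 in file $1. Keywords are matched
# case-insensitively and "#" lines are comments. Assumption: when an option
# is repeated the later line wins, which is why appending to the file works.
ldap_conf_get() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        toupper($1) == toupper(key) { val = $2 }
        END { if (val != "") print val }
    ' "$1"
}

# Print "unverified" if the client accepts any certificate, else "verified".
ldap_tls_status() {
    level=$(ldap_conf_get "$1" TLS_REQCERT | tr '[:upper:]' '[:lower:]')
    case "$level" in
        never|allow) echo unverified ;;  # bad or missing certificates are accepted
        *)           echo verified ;;    # try/demand/hard, or unset (default: demand)
    esac
}

# Constructed sample files: the workaround, and an alternative that trusts
# the self-signed certificate explicitly (the path is a placeholder).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf 'BASE dc=example,dc=com\nTLS_REQCERT never\n' > "$tmp/workaround.conf"
printf 'TLS_CACERT /etc/ldap/certs/ldap-server.pem\nTLS_REQCERT demand\n' > "$tmp/pinned.conf"

for f in "$tmp/workaround.conf" "$tmp/pinned.conf"; do
    printf '%s: %s (TLS_CACERT=%s)\n' "${f##*/}" "$(ldap_tls_status "$f")" \
        "$(ldap_conf_get "$f" TLS_CACERT)"
done
```

With the second layout the self-signed certificate is trusted by name, so the bind still fails if a different certificate is presented.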