Modify LDAP Identity Provider
This topic describes how to modify the existing details for the LDAP account.
- Log in to Configuration Hub as an administrator.
-
Go to
.The existing list of identity providers appear.
-
Select the LDAP identity provider.
The existing information for the identity provider appears on the DETAILS panel.
-
Select
to display the details in a pop-up screen.
The LDAP Identity Provider screen appears.
-
You can modify the existing information and save the changes.
-
To modify existing search criteria values, place your cursor and enter the new
value for the respective criteria.
Use these settings to enable the sub-directories in your search criteria.
Search Criteria Example Value Description Group Base OU=Sales,OU=Groups,OU=Enterprise,DC=company,DC=com
Defines the starting point for the LDAP group search in the active directory tree. CN=Common Name. DC=Domain Component. OU= Organization Unit Name. The CN and DC is typically required, and the OU is optional.
If you use only
DC=Ge,DC=com
, timeout may occur due to slow system response. Use the exactOU
to avoid timeout.User Base OU=Sales,OU=Users,OU=Enterprise,DC=company,DC=com
Defines the starting point for the LDAP group user search in the active directory tree. If you use only
DC=pa,DC=com
, timeout may occur due to slow system response. Use the exactOU
to avoid timeout.User Filter cn={0}
Allows the LDAP user (active directory user) to login with their display name. This is field is populated by default. sAMAccountName={0}
Allows the LDAP user (active directory user) to login with their account name (Windows login name). This is field is populated by default. Group Filter member={0}
Retrieves the memberOf
attribute values for the specific user. This is field is populated by default.Max Filter 10
Defines the maximum depth for searching the LDAP groups. The default value is 10
.For very large systems, set the value to
2
as it may impact system performance.