
Integration: LDAP

This is an add-on feature. Contact your Account Manager to add this feature to your subscription.

By integrating with your Lightweight Directory Access Protocol (LDAP) directory, you can enable LDAP-based user accounts to authenticate with Acquia DAM. The integration should be handled by your company’s LDAP admin, who must have an Acquia DAM account with admin privileges.

Configuring an LDAP connection

To establish an LDAP connection from Acquia DAM, complete the following steps:

  1. Sign in to Acquia DAM as an admin.

  2. Click the gear icon in the upper right corner of the page, and then click System Preferences.

  3. In the left menu, scroll to LDAP Settings.

  4. Enter values in the following fields to provide your LDAP Server settings:

    LDAP settings example

    • Enable check box - Select this check box to enable LDAP authentication for Acquia DAM after you have completed and verified your configuration.
    • Server - LDAP server hostname or IP address
    • Base DN - Search Base Distinguished Name (DN), such as in the following example: ou=users, dc=company, dc=com
    • Port - Common ports are 636 for SSL connections, and 389 for non-SSL connections, including TLS. Ensure your firewall allows access from the Acquia DAM production IP addresses (52.70.22.230, 52.70.142.178).
    • SSL check box - Select this check box if the SSL LDAP port is in use
    • Username - (not necessary for an anonymous bind) The Bind DN. For example, cn=service_account, ou=admin, dc=company, dc=com
    • Password - (not necessary for an anonymous bind) Password for the Bind DN
    • Groups - (optional) Group membership of the LDAP user account, for example, users
    • Search - Attribute to locate LDAP user account, such as uid. For Active Directory setups, use: sAMAccountName
  5. To test your connection, in the Test Connection panel enter a Username and Password, and then click Test Connection. Possible test status messages are listed in the connection messages table.

  6. In the Settings panel, select Enable to enable LDAP authentication in Acquia DAM.

  7. Click Save to commit your changes.

Users can now sign in using their LDAP credentials.

Verifying your LDAP login

Complete the following steps to verify that LDAP logins are functioning correctly:

  1. Go to http://company.example.com/splash.php to test the LDAP login, replacing company.example.com with your company’s domain name.
  2. At the sign-in page, enter a username and password that reside in the LDAP database, and then click Login. If the login is successful, you will receive a Registration successful notification. If the login was not successful, refer to the connection messages table.

Approving new users by default

If you would like new user accounts propagated from LDAP to be approved by default, complete the following steps:

  1. Sign in to Acquia DAM as an admin.
  2. Click the gear icon in the upper right corner of the page, and then click System Preferences.
  3. In the left menu, scroll to Preferences.
  4. In the Users and Groups section, clear the New users must be approved after registering check box. This change will take effect immediately.

Connection messages

The following table describes possible connection messages from Acquia DAM when testing your LDAP connection:

| Message | Description |
| --- | --- |
| Success. Was able to connect and authenticate user | LDAP configuration is successful. LDAP authentication is ready to be enabled in Acquia DAM. |
| LDAP error message: (-1) - Can’t contact LDAP server | Acquia DAM is unable to connect to the LDAP server. Allow proper firewall access to the LDAP server and LDAP port for the Acquia DAM production IP addresses 52.70.22.230 and 52.70.142.178. |
| LDAP error message: (34) - Invalid DN syntax | Bind DN is misconfigured. Supply proper Bind DN credentials, or remove them for anonymous binds. |
| LDAP error message: (49) - Invalid credentials | Supplied LDAP credentials may be incorrect. Submit proper LDAP credentials. The attribute search may also be incorrect. Make sure to supply the correct attribute to locate the LDAP account. |
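
A pre-flight check of the LDAP Settings values that an LDAP admin can run before clicking Test Connection, to catch a port/SSL mismatch or a malformed Base DN or Bind DN early. This is an added example, not Acquia code: the function names, the dictionary keys, the host ldap.example.com and the `(attribute=login)` filter form are assumptions, and the DN check is a simplified reading of RFC 4514.

```python
import re

# Simplified RFC 4514 component check: attr=value, with backslash escapes in the value.
_RDN = re.compile(r'^\s*([A-Za-z][A-Za-z0-9-]*|\d+(\.\d+)*)\s*=(\\.|[^\\,=+<>;"])+$')

def dn_problems(dn):
    """Return the components of dn that are not attr=value (empty list: well formed)."""
    parts = re.split(r"(?<!\\)[,+]", dn)
    return [p.strip() for p in parts if not _RDN.match(p)]

def user_filter(search_attr, login):
    """Build an (attr=login) lookup filter (assumed form), escaping per RFC 4515."""
    esc = "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in login)
    return "(%s=%s)" % (search_attr, esc)

def preflight(cfg):
    """Check a dict of LDAP Settings field values; return (uri, findings)."""
    findings = []
    uri = "%s://%s:%d" % ("ldaps" if cfg["ssl"] else "ldap", cfg["server"], cfg["port"])
    if cfg["ssl"] and cfg["port"] == 389:
        findings.append("SSL is selected but 389 is the non-SSL port")
    if not cfg["ssl"] and cfg["port"] == 636:
        findings.append("636 is the SSL port but SSL is not selected")
    if dn_problems(cfg["base_dn"]):
        findings.append("Base DN is malformed: %r" % dn_problems(cfg["base_dn"]))
    bind_dn = cfg.get("username", "")
    if not bind_dn:
        findings.append("no Bind DN, so the bind is anonymous")
    elif dn_problems(bind_dn):
        findings.append("Bind DN is malformed: %r" % dn_problems(bind_dn))
    elif not cfg.get("password"):
        findings.append("Bind DN has no password")
    if bind_dn and not cfg["ssl"]:
        findings.append("without SSL the bind password is protected only if TLS is negotiated")
    return uri, findings

# Constructed sample values; the Bind DN is missing a comma on purpose.
SAMPLE = {"server": "ldap.example.com", "port": 636, "ssl": False,
          "base_dn": "ou=users, dc=company, dc=com",
          "username": "cn=service_account ou=admin, dc=company, dc=com",
          "password": "example-only"}

if __name__ == "__main__":
    uri, findings = preflight(SAMPLE)
    print(uri, user_filter("sAMAccountName", "j*doe"))
    for f in findings:
        print(" -", f)
```

An empty findings list means the values are internally consistent; it does not confirm that the server accepts the bind, which is what Test Connection verifies.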