pGina Documentation

LDAP Authentication Plugin Documentation

How the LDAP Plugin Works

The LDAP Authentication plugin provides authentication services via an LDAP server. It maps the user name to an LDAP Distinguished Name (DN) and attempts to bind to the LDAP server using that DN. If the bind is successful, it reports a positive result to the pGina service.

The user name can be mapped to a DN by one of two means: via simple pattern substitution, or via a search of the LDAP database. When a search is used, the plugin connects to the LDAP server anonymously (or via supplied credentials) and attempts to find an entry for the user. If the entry is found, the plugin closes the connection and attempts to bind again using the DN of the entry, and the password provided by the user. If this bind is successful, the plugin registers success.

The LDAP Authentication plugin provides support for SSL encryption and failover to one or more alternate servers.
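The two DN mapping modes and the final user bind described above, as an added Python model that is not pGina's own code (the real plugin is C# and talks LDAP(S) to a directory): the directory contents, DNs, user names and passwords are constructed stand-ins, and the two escaping helpers are assumptions about what a careful implementation does when it builds a search filter or a DN from the supplied user name.

```python
import re

# Constructed stand-in for an LDAP directory (DN -> attributes); a real plugin talks LDAP(S).
class FakeDirectory:
    def __init__(self, entries):
        self.entries = entries

    def bind(self, dn, password):
        """Simple bind: succeeds only for a known DN with the matching password."""
        entry = self.entries.get(dn)
        return entry is not None and entry["password"] == password

    def search(self, base, ldap_filter):
        """Model only '(attr=value)' equality filters; value uses RFC 4515 escaping."""
        m = re.fullmatch(r"\((\w+)=(.*)\)", ldap_filter)
        assert m, "only simple equality filters are modelled"
        attr, raw = m.groups()
        value = re.sub(r"\\([0-9a-fA-F]{2})", lambda h: chr(int(h.group(1), 16)), raw)
        return [dn for dn, e in self.entries.items()
                if dn.endswith(base) and e.get(attr) == value]

def escape_filter(value):
    """RFC 4515 escaping so a user name cannot change the structure of the search filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def escape_dn_value(value):
    """Basic RFC 4514 escaping for a value substituted into a DN pattern (assumption)."""
    return re.sub(r'([,+"\\<>;])', r"\\\1", value)

def dn_from_pattern(pattern, username):
    """Mode 1: substitute the user name for %u in a configured DN pattern."""
    return pattern.replace("%u", escape_dn_value(username))

def dn_from_search(directory, base, attr, username, bind_dn=None, bind_pw=None):
    """Mode 2: bind anonymously or with supplied credentials, then look up the user's entry."""
    if bind_dn is not None and not directory.bind(bind_dn, bind_pw):
        return None  # search credentials rejected: the user cannot be mapped
    hits = directory.search(base, "(%s=%s)" % (attr, escape_filter(username)))
    return hits[0] if len(hits) == 1 else None  # absent or ambiguous: fail closed

def authenticate(directory, username, password, dn):
    """Final step shared by both modes: bind as the mapped DN with the user's password."""
    if dn is None or password == "":
        return False  # an empty password would request an unauthenticated bind, not a login
    return directory.bind(dn, password)

DIRECTORY = FakeDirectory({  # constructed sample data
    "uid=jdoe,ou=people,dc=example,dc=com": {"uid": "jdoe", "password": "s3cret"},
    "cn=pgina-svc,ou=services,dc=example,dc=com": {"uid": "pgina-svc", "password": "svc-pw"},
})
```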

Typical Setup

A typical (minimal) setup for LDAP authentication is to enable the Local Machine plugin in the authentication and gateway stages, and enable LDAP in the authentication stage. Within the authentication stage, order the LDAP plugin before Local Machine.

Configuration

The configuration interface for the LDAP authentication plugin is shown below.

LDAP configuration

Each configuration option is described below: