...
Field | Explanation |
---|---|
Name | The name of the connection as it will appear at our authentication point when there is a choice of connector. |
Directory type | Used to set default values in other places on the form. |
Server host | The address where OpenAthens can connect to your server. This address will need to be accessible by our services from outside of your network. |
Server port | The port that your server uses for LDAP traffic. You can specify a non-standard port if necessary. |
Connection type | The form of security used. StartTLS is the standard but ldaps:// can be chosen if you prefer. |
Admin bind DN | The full distinguished name of a user that can connect and view all the users you need to authenticate, e.g. cn=openathens,cn=users,dc=ad,dc=yourdomain,dc=net |
Bind password | The password for the user specified in the Admin bind DN field. |
Base DN | The distinguished name of your directory, e.g. dc=ad,dc=yourdomain,dc=net |
Filter | Allows you to specify the username field, plus limitations where necessary. The attribute you identify as =${uid} will be used as the username in login dialogs. |
Display name attribute | Defaults to 'sAMAccountName' for AD and to 'cn' for LDAP. It is the value displayed in account lists and in audit. You can choose any attribute. |
Unique user attribute | This should be an attribute that is always unique to the user; it is used in the generation of targetedIDs and statistics. It defaults to 'objectGUID' for AD and to 'cn' for LDAP. If you are migrating from another local authentication system, you may want this to match your old setting. Pseudonymous identifiers are recommended where they are available. |
Salt value | The salt used to generate a targetedID for users authenticated by this connection. You might edit it if you were migrating from something like OpenAthens LA to MD so that your users keep the same targetedID value when they change systems. If you set it to blank, the connection will use the same salt as your MD accounts. Modifying this after you go live will change the identifiers seen by service providers for your users, which is rarely desirable. |
Status | Not live: can only be used in debug mode. Live and not visible: can only be used in debug mode. Live & visible: production ready; users will be able to access this login at the authentication point. If you have only one connection it will become the default login whenever your organisation is known (e.g. for any resources where access involves your entityID). Changes to the status usually take effect within moments. |
Create local accounts | Automatically: any user authenticated by your system is deemed OK and will be accepted by the system. Manually: only user IDs you have previously uploaded will be accepted by our systems. See how to limit which local accounts can sign in. |
...