
OpenAthens can connect directly to an LDAP server so that you do not have to issue accounts yourself. Anything that uses the standard LDAP protocols is acceptable, e.g. Active Directory and OpenLDAP.




The name of the connection as it will appear to users

Directory type

Used to set default values for the server port and filter

Server host

The address where OpenAthens can connect to your server. This address will need to be accessible from outside of your network.

Server port

The port that your server uses for LDAP traffic. You can specify a non-standard port if necessary.

Connection type

The form of security used. StartTLS is standard but ldaps:// can be chosen for older systems.

Admin bind DN

The distinguished name of a user that can connect and view all the users you need to authenticate

Bind password

The password for the user specified in the admin bind DN

Base DN

The distinguished name of your directory.


Allows you to specify the username field and optionally include other requirements. The field you set equal to ${uid} will be the user identifier in statistics reports.

Live & visible = production ready. Users will be able to access this login at the authentication point.

Live and not visible = testing. Will work with the right type of URL, but will not appear at the authentication point.

Not live = cannot be used. The visibility setting is ignored.

Changes to the status can take up to PLACEHOLDER-TIME to go live.

Example filters

cn=${uid} - default LDAP filter where cn is the username

(&(objectCategory=Person)(sAMAccountName=${uid})) - Default AD filter using the windows login as the username

(&(objectCategory=Person)(mail=${uid})(memberOf=cn=students,dc=domain,dc=com)) - AD filter using email as the username and limited to the student group.
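
To preview the search filter a given username would produce from one of the templates above, the following added example (not OpenAthens code) checks a template and substitutes an RFC 4515-escaped username for ${uid}. How OpenAthens itself performs the substitution is not described on this page; the function names here are hypothetical and the usernames are constructed samples.

```python
# RFC 4515 section 3: these characters must be written as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

PLACEHOLDER = "${uid}"  # the token used in the filter templates on this page


def escape_value(value: str) -> str:
    """Escape a user-supplied value so it is treated as literal text in a filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def check_template(template: str) -> list:
    """Return a list of problems found in a filter template (empty list = OK)."""
    problems = []
    if PLACEHOLDER not in template:
        problems.append("template never references ${uid}")
    depth = 0
    for ch in template:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:  # a ")" appeared before its matching "("
            break
    if depth != 0:
        problems.append("unbalanced parentheses")
    return problems


def render_filter(template: str, username: str) -> str:
    """Substitute the escaped username for every ${uid} in a valid template."""
    problems = check_template(template)
    if problems:
        raise ValueError("; ".join(problems))
    return template.replace(PLACEHOLDER, escape_value(username))


if __name__ == "__main__":
    students = ("(&(objectCategory=Person)(mail=${uid})"
                "(memberOf=cn=students,dc=domain,dc=com))")
    # Constructed sample usernames: one ordinary, one containing filter metacharacters.
    for name in ("jsmith@domain.com", "j*)(smith"):
        print(render_filter(students, name))
```

The rendered string can be pasted into an LDAP search tool, bound as the admin bind DN, to confirm that it matches exactly one entry under the base DN.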