Fields: LDAP Configuration

Path: LDAP Configuration

LDAP Configuration lists variables that affect the use of LDAP in SirsiDynix e-Library.

Environment

Specifies the environment level at which to apply settings.

LDAP Configuration Variable List

Displays a list of the variables you can change for the LDAP Configuration section.

The list displays this information:

Option

Description

Variable

Displays the name of the variable.

Hover your mouse cursor over the variable name to see a tool tip with more information about the field.

Value

Specifies the value to use for the variable. This option is only enabled when Use Base is not checked.

Depending on the type of variable, you can select Yes or No for the value, enter text, or select an option from a list.

Use Base

Specifies whether to use the displayed Base Value for the variable in the specified Environment.

Base Value

Displays the default value used for the variable at the selected Environment level.

The Address of the LDAP Server

This variable is the numerical IP address or descriptive name of the LDAP server. For example: 208.77.188.166 or example.com.

This corresponds to the LDAP_ADDR variable in the system.env file.

The Port on the LDAP Server

This variable is the number of the port on the LDAP server that handles LDAP requests. E-Library uses this port number to send LDAP requests and to receive data from the LDAP directory. Standard values are 389 for non-SSL ports, and 636 for SSL ports.

This corresponds to the LDAP_PORT variable in the system.env file.

LDAP Field for Lookup

This variable is the field in the LDAP records where e-Library looks for usernames during authentication. The name of this field depends on the kind of LDAP directory your library has. To correctly set this variable, contact your LDAP system administrator to identify which field holds usernames in the LDAP directory. Common values are sAMaccountname and UID.

This corresponds to the USER_ID_TAG variable in the system.env file.

The Base Distinguished Name

This variable is the Base Distinguished Name (DN) for LDAP authentication. LDAP directories use the DN to create a unique identifier for each LDAP record. The Distinguished Name consists of several fields in the LDAP record, combined in a certain order. For example, the combination: CN=Users,DC=DevAD,DC=tst
creates a unique identifier that looks like this:
Users@DevAD.tst

This corresponds to the BASE_DN variable in the system.env file.

The Library Policy for LDAP

This variable is the library policy name for validation of LDAP credentials against the ILS. In other words, this Library policy defines which library the patrons in the LDAP directory belong to. The Library policy is defined in SirsiDynix Symphony Workflows.

This corresponds to the LDAP_LIBR variable in the system.env file.

The User Access Policy for LDAP

This variable is the User Access policy name for validation of LDAP credentials against the ILS. In other words, the User Access policy defines what kind of access the patrons in the LDAP directory have to SirsiDynix Symphony. The User Access policy is defined in SirsiDynix Symphony Workflows.

This corresponds to the LDAP_UACS variable in the system.env file.

The Clearance Policy for LDAP

This variable is the Clearance policy name for validation of LDAP credentials against the ILS. In other words, the Clearance Policy defines the highest level of clearance the patrons in the LDAP directory can access through e-Library. The Clearance policy is defined in SirsiDynix Symphony Workflows. This variable is only used when the Accountability module is in use.

This corresponds to the LDAP_CLRN variable in the system.env file.

Use BIND for LDAP

This variable reflects whether BIND is used for LDAP authentication. The BIND setting is configured on the LDAP server, and this variable should be set to match the configuration of the LDAP server.

If BIND is used, the LDAP directory requires the use of a specific username that has rights to search for user credentials during authentication. This prevents searching of the LDAP directory by unauthorized users. You specify the authorized username and password in the next two variables.

This corresponds to the BIND variable in the system.env file.

The Distinguished Name for BIND

This variable is the unique name of the user with searching rights that connects to the LDAP server in order to search for patron credentials. These credentials are only used if Use BIND for LDAP is set to Yes.

This corresponds to the BIND_DN variable in the system.env file.

The BIND Password

This variable is the password for the user with searching rights that connects to the LDAP server in order to search for patron credentials. These credentials are only used if Use BIND for LDAP is set to Yes.

This corresponds to the BIND_PASSWORD variable in the system.env file.

SSL Authentication for LDAP

This variable reflects whether SSL is used for LDAP authentication. The SSL configuration is set on the LDAP server, and this variable should be set to match it.

This corresponds to the SSL_AUTHENTICATION variable in the system.env file.

Certificate File Location

This variable is the full path location of the certificate file for SSL LDAP authentication.

E-Library uses the certificate file to prove its identity to the LDAP server.

This corresponds to the CERT_FILE_LOCN variable in the system.env file.
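
The port, BIND, SSL and certificate variables described above have to agree with each other and with the LDAP server. The following consistency check is an added example, not part of the original documentation or of SirsiDynix software. It assumes that system.env holds KEY=value lines and stores the Yes/No choices as the words Yes and No, neither of which this page confirms. The sample values, including the svc-elibrary account name, are constructed.

```python
# Added example, not SirsiDynix code. ASSUMPTIONS: system.env holds KEY=value
# lines and stores the console's Yes/No choices as the words Yes/No.
SAMPLE_ENV = """\
# constructed sample values, not a real configuration
LDAP_ADDR=example.com
LDAP_PORT=389
USER_ID_TAG=UID
BASE_DN=CN=Users,DC=DevAD,DC=tst
BIND=Yes
BIND_DN=CN=svc-elibrary,CN=Users,DC=DevAD,DC=tst
BIND_PASSWORD=
SSL_AUTHENTICATION=Yes
CERT_FILE_LOCN=
"""

def parse_env(text):
    """Parse KEY=value lines; split on the first '=' only, since DNs contain '='."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            settings[key.strip()] = value.strip()
    return settings

def is_yes(settings, key):
    return settings.get(key, "").strip().lower() == "yes"

def audit_ldap(settings):
    """Return findings for empty required values and mismatched LDAP settings."""
    findings = [f"{k} is empty" for k in ("LDAP_ADDR", "USER_ID_TAG", "BASE_DN")
                if not settings.get(k)]
    ssl, bind = is_yes(settings, "SSL_AUTHENTICATION"), is_yes(settings, "BIND")
    port = settings.get("LDAP_PORT", "")
    if ssl and port == "389":
        findings.append("SSL_AUTHENTICATION is Yes but LDAP_PORT is 389, the standard non-SSL port")
    if not ssl and port == "636":
        findings.append("LDAP_PORT is 636, the standard SSL port, but SSL_AUTHENTICATION is not Yes")
    if ssl and not settings.get("CERT_FILE_LOCN"):
        findings.append("SSL_AUTHENTICATION is Yes but CERT_FILE_LOCN is empty")
    if bind and not (settings.get("BIND_DN") and settings.get("BIND_PASSWORD")):
        findings.append("BIND is Yes but BIND_DN or BIND_PASSWORD is empty")
    if bind and not ssl:
        findings.append("BIND is Yes without SSL: BIND_PASSWORD is sent over a connection without SSL")
    return findings

if __name__ == "__main__":
    for finding in audit_ldap(parse_env(SAMPLE_ENV)):
        print("FINDING:", finding)
```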

Allow only LDAP logins

If this variable is set to Yes, e-Library will only allow patrons to log in with credentials that are stored in an LDAP directory (such as a student or staff ID). If it is set to No, e-Library will also allow patrons to log in using the barcode and PIN from their library card.

For more information about this field, see Allowing only LDAP authentication for logins.

This corresponds to the LDAP_ONLY_LOGIN variable in the system.env file.

Make User ID Uppercase

Specifies whether to make the user-entered User ID all uppercase before submitting it to the LDAP server for validation, or to submit it using the entered case.

When validating credentials against an LDAP directory, this variable should generally be set to No, since most LDAP directories are case sensitive.

The only time you should set this option to Yes is when all the User IDs in the LDAP directory are uppercase and you want users to be able to enter the value using any case they want.

Save

Saves all changes made.

Note: You do not need to save changes to each page. This button saves the settings made to all pages of the Admin console.