LDAP Authentication
If you use LDAP authentication, set the fields described in this section.
![Screenshot of the LDAP server fields](../../image/1668554c5889aa.gif)
Note
The MarkLogic SSL App Server can work with SAN or wildcard certificates. However, the MarkLogic LDAP client will not accept or work with a SAN or wildcard-based certificate.
| Field | Description |
|---|---|
| ldap server uri | If authorization is set to |
| ldap base | If authorization is set to |
| ldap attribute | If authorization is set to |
| ldap default user | The LDAP default user. Required if authentication is kerberos and authorization is ldap or bind method is simple. If you specify an ldap-bind-method of simple, this must be a Distinguished Name (DN). If you specify an ldap-bind-method of MD5, this must be the name of a user registered with the LDAP |
| ldap password, confirm ldap password | The password and confirmation password for the LDAP default user. Required if authentication is kerberos and authorization is ldap or bind method is |
| ldap bind method | The LDAP bind method to use. This can be either When using a bind method of A bind method of |
| ldap memberof attribute | The optional LDAP attribute for group lookup. If not specified, |
| ldap member attribute | The optional LDAP attribute for group lookup. If not specified, |
| ldap start tls | Whether or not to use a start TLS request to the LDAP server. Set to |
| ldap certificate | The PEM-encoded X509 certificate for MarkLogic Server to connect to the LDAP server using mutual authentication. Required if bind method is |
| ldap private key | The PEM-encoded private key corresponding to the certificate. Required if bind method is |
| ldap nested lookup | Whether or not to perform nested group lookup. |
| ldap remove domain | Whether or not to remove the domain before matching with ldap-attribute. |
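
A pre-flight check for the Note at the top of this section, as an added example that is not MarkLogic code: it uses the `openssl` command line to flag a PEM certificate intended for the LDAP connection that carries a subjectAltName extension or a wildcard common name. The function names, the exit codes, and the reading of "SAN certificate" as "any certificate with a subjectAltName extension" are assumptions of this example.

```sh
# Added example (not MarkLogic code). Requires the openssl command line tool.

# cert_ldap_issues FILE
# Prints one finding per line. Returns 0 when the certificate has neither a
# subjectAltName extension nor a wildcard common name, 1 when it has either,
# and 2 when FILE cannot be parsed as a PEM X.509 certificate.
cert_ldap_issues() {
    cli_text=$(openssl x509 -in "$1" -noout -text 2>/dev/null) || {
        echo "error: cannot parse $1 as a PEM X.509 certificate"
        return 2
    }
    cli_subject=$(openssl x509 -in "$1" -noout -subject 2>/dev/null)
    cli_rc=0
    # Wildcard common name, printed by OpenSSL as e.g. "CN = *.example.test".
    if printf '%s\n' "$cli_subject" | grep -Eq 'CN ?= ?\*\.'; then
        echo "wildcard-cn: $cli_subject"
        cli_rc=1
    fi
    # OpenSSL prints this header whenever a subjectAltName extension exists.
    if printf '%s\n' "$cli_text" | grep -q 'X509v3 Subject Alternative Name'; then
        echo "san-extension: present"
        cli_rc=1
    fi
    if [ "$cli_rc" -eq 0 ]; then echo "ok: no SAN extension, no wildcard name"; fi
    return "$cli_rc"
}

# make_sample_cert CN SAN_OR_EMPTY OUTFILE
# Constructed sample input: a throwaway self-signed certificate (key discarded).
make_sample_cert() {
    if [ -n "$2" ]; then
        openssl req -x509 -newkey rsa:2048 -nodes -keyout /dev/null -days 1 \
            -subj "/CN=$1" -addext "subjectAltName=$2" -out "$3" 2>/dev/null
    else
        openssl req -x509 -newkey rsa:2048 -nodes -keyout /dev/null -days 1 \
            -subj "/CN=$1" -out "$3" 2>/dev/null
    fi
}
```

Run `cert_ldap_issues` against the certificate file before entering the LDAP settings; a non-zero return means the certificate falls under the restriction in the Note.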