Authentication Resources

The following table provides a list of resources required for LDAP configuration.

| Field | Example Value | Where to find this information |
| --- | --- | --- |
| Network | peered-dhs-network | The name of the pre-configured network to use. The network can be peered or public. Important: MarkLogic does not recommend using a public network for your LDAP service configuration. |
| Region | us-west-2 | The region where your preconfigured network is located. See Supported Regions - AWS. |
| Name | N/A | Name for this LDAP configuration. |
| Security Admin DN | CN=AWS Delegated Administrator,OU=AWS Delegated Groups,DC=ldap,DC=mlaas,DC=marklogic,DC=com | The Distinguished Name for the Service Security Admin role. For details about the role, see Portal Security Roles for AWS and Instance Security Roles. Note: A Distinguished Name (DN) is a sequence of Relative Distinguished Names (RDNs), which are attributes with associated values expressed by the form attribute=value. Each RDN attribute is separated by a comma in a DN. |
| DNS Address | 10.0.32.193,10.0.65.140 | The comma-separated list of the IP addresses of your LDAP servers. |
| Server URI | ldaps://ldap.mlaas.marklogic.com | The URI of the LDAP server. |
| Base | DC=ldap,DC=mlaas,DC=marklogic,DC=com | The starting point for search. |
| Default User | CN=Admin,OU=Users,OU=ldap,DC=ldap,DC=mlaas,DC=marklogic,DC=com | The LDAP default user to be used by MarkLogic. If you specify bind method as Simple, this must be a Distinguished Name (DN). |
| Password / Re-Enter Password | N/A | The password for the LDAP default user account. |
| Bind Method | Simple | Default is Simple. The LDAP default user must be a Distinguished Name (DN). |
| LDAP attribute | sAMAccountName | The LDAP attribute for user lookup. |
| Memberof attribute | memberOf | The LDAP attribute for group lookup. Used to search for the groups of a user. |
| Member attribute | member | The LDAP attribute for group lookup. Used to search for the group of a group. |
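
The following is an added example, not MarkLogic code: a check you can run over the values from the table above before entering them. The function names and the choice of checks are assumptions; the DN parser is simplified and ignores escaped commas and multi-valued RDNs, and treating a non-private IP address as a sign of a public network is a heuristic.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# One RDN has the form attribute=value (simplified: no escapes, no "+").
_RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^,=]+$")

def parse_dn(dn):
    """Split a DN into (attribute, value) pairs, or raise ValueError."""
    rdns = [part.strip() for part in dn.split(",")]
    for rdn in rdns:
        if not _RDN.match(rdn):
            raise ValueError(f"not attribute=value: {rdn!r}")
    return [tuple(rdn.split("=", 1)) for rdn in rdns]

def check_ldap_config(cfg):
    """Return findings for a dict keyed by the table's field names."""
    findings = []
    for field in ("Security Admin DN", "Base"):
        try:
            parse_dn(cfg[field])
        except ValueError as exc:
            findings.append(f"{field}: {exc}")
    # With bind method Simple, the default user must be a DN.
    if cfg.get("Bind Method", "Simple") == "Simple":
        try:
            parse_dn(cfg["Default User"])
        except ValueError as exc:
            findings.append(f"Default User: Simple bind needs a DN ({exc})")
    # A simple bind sends the password unprotected unless TLS (ldaps) is used.
    if urlsplit(cfg["Server URI"]).scheme.lower() != "ldaps":
        findings.append("Server URI: scheme is not ldaps")
    # Heuristic: LDAP servers on a peered network have private addresses.
    for addr in cfg["DNS Address"].split(","):
        addr = addr.strip()
        try:
            if not ipaddress.ip_address(addr).is_private:
                findings.append(f"DNS Address: {addr} is not a private address")
        except ValueError:
            findings.append(f"DNS Address: {addr!r} is not an IP address")
    return findings

# Example values copied from the table on this page.
EXAMPLE = {
    "Security Admin DN": "CN=AWS Delegated Administrator,OU=AWS Delegated Groups,DC=ldap,DC=mlaas,DC=marklogic,DC=com",
    "Base": "DC=ldap,DC=mlaas,DC=marklogic,DC=com",
    "Default User": "CN=Admin,OU=Users,OU=ldap,DC=ldap,DC=mlaas,DC=marklogic,DC=com",
    "Bind Method": "Simple",
    "Server URI": "ldaps://ldap.mlaas.marklogic.com",
    "DNS Address": "10.0.32.193,10.0.65.140",
}
```

`check_ldap_config(EXAMPLE)` returns an empty list; a bare username as Default User, an `ldap://` URI, or a public IP address each produce one finding.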