Authentication Resources
The following table lists the resources required for LDAP configuration.

| Field | Example Value | Where to find this information |
|---|---|---|
| Network | peered-dhs-network | The name of the pre-configured network to use. The network can be peered or public. Important: MarkLogic does not recommend using a public network for your LDAP service configuration. |
| Region | us-west-2 | The region where your preconfigured network is located. See Supported Regions - AWS. |
| Name | N/A | Name for this LDAP configuration. |
| Security Admin DN | CN=AWS Delegated Administrator,OU=AWS Delegated Groups,DC=ldap,DC=mlaas,DC=marklogic,DC=com | The Distinguished Name for the Service Security Admin role. For details about the role, see Portal Security Roles for AWS and Instance Security Roles. Note: A Distinguished Name (DN) is a sequence of Relative Distinguished Names (RDNs), which are attributes with associated values expressed in the form attribute=value. The RDNs in a DN are separated by commas. |
| DNS Address | 10.0.32.193,10.0.65.140 | The comma-separated list of the IP addresses of your LDAP servers. |
| Server URI | ldaps://ldap.mlaas.marklogic.com | The URI of the LDAP server. |
| Base | DC=ldap,DC=mlaas,DC=marklogic,DC=com | The starting point for searches. |
| Default User | CN=Admin,OU=Users,OU=ldap,DC=ldap,DC=mlaas,DC=marklogic,DC=com | The LDAP default user to be used by MarkLogic. If the Bind Method is Simple, this must be a Distinguished Name (DN). |
| Password / Re-Enter Password | N/A | The password for the LDAP default user account. |
| Bind Method | Simple | The default is Simple. With Simple bind, the LDAP default user must be a Distinguished Name (DN). |
| LDAP attribute | sAMAccountName | The LDAP attribute used to look up users. |
| Memberof attribute | memberOf | The LDAP attribute used for group lookup: finds the groups a user is a member of. |
| Member attribute | member | The LDAP attribute used for group lookup: finds the groups that a group is itself a member of (nested groups). |
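The following script is an added example, not MarkLogic code or part of the original page. It shows how a practitioner can sanity-check a configuration assembled from the table before submitting it: it parses Distinguished Names into their RDNs (honouring backslash-escaped commas, as in RFC 4514), confirms that the Server URI uses the ldaps scheme, that every DNS Address entry is an IP address, that the Default User is a DN when the Bind Method is Simple and lies under the configured Base, and that a public network is flagged. The function names, the dictionary keys and the sample configuration are assumptions constructed for this example; the example values themselves are the ones from the table above.

```python
"""Sanity checks for an LDAP configuration of the kind laid out in the table.
Added example; function names, config keys and SAMPLE_CONFIG are assumptions
constructed for illustration, not MarkLogic's own code or API."""
import ipaddress
from urllib.parse import urlsplit


def split_dn(dn: str) -> list[tuple[str, str]]:
    """Split a DN into (attribute, value) RDNs.

    Commas separate RDNs; a backslash escapes the next character
    (RFC 4514), so 'CN=Smith\\, John' stays one RDN. Raises ValueError
    when any RDN is not of the form attribute=value."""
    rdns, buf, escaped = [], [], False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            buf.append(ch)
            escaped = True
        elif ch == ",":
            rdns.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    rdns.append("".join(buf))

    parsed = []
    for rdn in rdns:
        attr, sep, value = rdn.strip().partition("=")
        if not sep or not attr.strip() or not value:
            raise ValueError(f"malformed RDN: {rdn!r}")
        parsed.append((attr.strip(), value))
    return parsed


def dn_is_under(dn: str, base: str) -> bool:
    """True when `dn` sits inside the subtree rooted at `base`.
    Simplified comparison: attribute names and values are case-folded."""
    norm = lambda rdns: [(a.lower(), v.lower()) for a, v in rdns]
    d, b = norm(split_dn(dn)), norm(split_dn(base))
    return len(d) >= len(b) and d[-len(b):] == b


def validate_ldap_config(cfg: dict) -> list[str]:
    """Return a list of problems found; an empty list means all checks passed."""
    problems = []

    uri = urlsplit(cfg["server_uri"])
    if uri.scheme != "ldaps":
        problems.append("server_uri: use ldaps:// so the bind password is not sent in clear text")
    if not uri.hostname:
        problems.append("server_uri: missing host name")

    # DNS Address is a comma-separated list of LDAP server IP addresses.
    for addr in cfg["dns_address"].split(","):
        try:
            ipaddress.ip_address(addr.strip())
        except ValueError:
            problems.append(f"dns_address: {addr.strip()!r} is not an IP address")

    for field in ("base", "security_admin_dn"):
        try:
            split_dn(cfg[field])
        except ValueError as exc:
            problems.append(f"{field}: {exc}")

    # Simple bind requires the default user to be a full DN, which should
    # also lie under the configured search base.
    if cfg["bind_method"] == "Simple":
        try:
            split_dn(cfg["default_user"])
            if not dn_is_under(cfg["default_user"], cfg["base"]):
                problems.append("default_user: DN is not under the configured base")
        except ValueError as exc:
            problems.append(f"default_user: Simple bind requires a DN ({exc})")

    if cfg.get("network_type") == "public":
        problems.append("network: a public network is not recommended for the LDAP service")

    return problems


# Constructed sample, using the example values from the table above.
SAMPLE_CONFIG = {
    "network": "peered-dhs-network",
    "network_type": "peered",
    "region": "us-west-2",
    "security_admin_dn": "CN=AWS Delegated Administrator,OU=AWS Delegated Groups,DC=ldap,DC=mlaas,DC=marklogic,DC=com",
    "dns_address": "10.0.32.193,10.0.65.140",
    "server_uri": "ldaps://ldap.mlaas.marklogic.com",
    "base": "DC=ldap,DC=mlaas,DC=marklogic,DC=com",
    "default_user": "CN=Admin,OU=Users,OU=ldap,DC=ldap,DC=mlaas,DC=marklogic,DC=com",
    "bind_method": "Simple",
    "ldap_attribute": "sAMAccountName",
    "memberof_attribute": "memberOf",
    "member_attribute": "member",
}

if __name__ == "__main__":
    for problem in validate_ldap_config(SAMPLE_CONFIG) or ["configuration looks consistent"]:
        print(problem)
```

Run the script as-is to check the table's sample values; swap in your own values for `SAMPLE_CONFIG` to check a real configuration. The checks are deliberately conservative: they do not contact the LDAP server, so they catch malformed input, not a wrong password or an unreachable host.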