
Velocity – LDAP configuration for VDS

Environment/Versions
Velocity 8.0-8.x
Answer

LDAP configuration for VDS

This document describes how to configure Velocity to connect to the integrated LDAPS service on the VDS server.

Under the Authentication tab in the Velocity configuration page, you will find the LDAPS settings:

Note:
Since Velocity 8.3.0, the secure protocol is the only one supported by VDS: use ldaps as the LDAP Proto and 636 as the port number.

The following information is required to configure VDS as an LDAPS server:
  • LDAP Proto: use ldaps for secure communication, or ldap for the regular protocol without SSL.
  • LDAP Server: FQDN or IP address of the LDAP server to use.
  • LDAP Port: port number of the LDAP server; use 636 for ldaps or 389 for ldap.
  • LDAP Initial Bind User: if your LDAP server does not allow anonymous bind, specify a user and password that Velocity can use for its initial bind. If VDS is used as the LDAP server, enter the VDS admin password in this field.
  • LDAP Initial Bind Password: password for the user provided in the previous field, “LDAP Initial Bind User”.
  • LDAP Search Base: the starting point in the directory tree for the search.
  • LDAP User Search Filter: the search criteria used to locate users; a filter makes searches more efficient and effective.
  • LDAP User Name Attribute: the attribute used to display the user name.
Note:
If your company has its own LDAP or LDAPS service enabled in your network and that server is reachable from the Velocity server, you can populate the fields above with the information provided by your IT team and use your company authentication service instead of VDS.
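Before saving the fields above, the same values can be checked from a shell on a host that can reach the LDAP server. The script below is an added example, not part of Velocity or VDS; it assumes the OpenSSL and OpenLDAP client tools (openssl, ldapsearch) are installed, and every host name, DN and filter in it is a constructed sample value.

```shell
#!/bin/sh
# Added example: pre-flight check for the LDAP fields listed above.
# Not Velocity/VDS code; all sample values are constructed.

# Classify an LDAP Proto / LDAP Port pair using the pairings from the list.
# Prints: ok | plaintext | swapped | nonstandard-port | bad-proto
check_proto_port() {
    case "$1:$2" in
        ldaps:636)          echo ok ;;
        ldap:389)           echo plaintext ;;  # bind password crosses the network unencrypted
        ldaps:389|ldap:636) echo swapped ;;    # protocol and port belong to different rows
        ldaps:*|ldap:*)     echo nonstandard-port ;;
        *)                  echo bad-proto ;;
    esac
}

# Build the URI from LDAP Proto, LDAP Server and LDAP Port.
ldap_uri() {
    printf '%s://%s:%s\n' "$1" "$2" "$3"
}

# Succeeds only if the server certificate verifies against the trusted CAs.
# For a private CA, point SSL_CERT_FILE (openssl) and LDAPTLS_CACERT
# (ldapsearch) at the CA certificate before running.
tls_check() {
    openssl s_client -connect "$1:$2" -verify_return_error \
        </dev/null >/dev/null 2>&1
}

# Args: proto server port bind_user search_base search_filter name_attr
preflight() {
    verdict=$(check_proto_port "$1" "$3")
    echo "proto/port: $verdict"
    case "$verdict" in swapped|bad-proto) return 1 ;; esac
    if [ "$1" = ldaps ]; then
        tls_check "$2" "$3" || { echo "TLS verification failed"; return 1; }
    fi
    # -W prompts for the Initial Bind Password so it stays out of shell
    # history and the process list. A returned entry shows that the bind,
    # the search base and the filter all work; the attribute is printed.
    ldapsearch -x -H "$(ldap_uri "$1" "$2" "$3")" -D "$4" -W -b "$5" "$6" "$7"
}

# Example invocation (constructed values):
#   ./preflight.sh ldaps vds.example.com 636 'cn=admin,dc=example,dc=com' \
#       'dc=example,dc=com' '(uid=jdoe)' uid
if [ "$#" -eq 7 ]; then preflight "$@"; fi
```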

Quick configuration links are also available in the Velocity configuration UI.

If you click any of those links, some of the fields are populated automatically.
Note:
After making any change, click Save Changes and reboot to apply the changes.

Multiple LDAP fallback services.

You can configure a second server as a fallback option for situations where your main authentication service goes down.
To do this, go to the bottom of the Authentication page in the Velocity configuration page, where you will find the secondary set of configuration fields:
 
In that link you will find the same fields, and they can be configured in the same way as in “LDAP configuration for VDS”.
 

Workflow in a multiple LDAP fallback services configuration:

1. The main company authentication service goes down or becomes unreachable due to network intermittence.
If a secondary server is configured, Velocity times out the login attempts to the main authentication server and then queries the secondary server.
It can be useful to have a local VDS instance configured as the secondary authentication server with a few users, to keep the server accessible even if the main authentication system is out of service.
 
2. The two LDAP systems hold different sets of user accounts.
In this case Velocity queries the main authentication server for a specific user account; if the account is not present on that server, the query times out and Velocity proceeds to query the secondary server.
If the secondary server locates the user account and returns the authorization for the user to Velocity, Velocity allows that user access.
 
Note:
After making any change, click Save Changes and reboot to apply the changes.

Product: Velocity Core, Velocity Portfolio