Set a logon password, and select Password never expires or the option that best fits your company's or organization's policy.
Important: Sheriff CSM uses this account to access LDAP each time a user logs in. If the password expires and is not updated in Sheriff CSM, users will not be able to log in.
Log in to the Sheriff CSM web interface and go to Configuration > Administration > Main.
Click the Login Methods/Options section to expand it, and type the required values shown in the Login Methods/Options Values table.
Click Update Configuration to save changes.
Login Methods/Options Values

Parameter | Input Value |
---|---|
Enable LDAP for login | Yes |
LDAP server address | LDAP server IP address. For example: 127.0.0.1 |
LDAP server port | 389 (unencrypted) or 636 (SSL encrypted) |
LDAP server SSL | Yes (Use LDAP server with SSL) or No |
LDAP server TLS | Yes (Use LDAP server with TLS) or No |
LDAP server baseDN | LDAP server distinguished name (DN) in the format of For instance, if the DN is "example.com", you should enter |
LDAP server filter for LDAP users | General LDAP: Active Directory: Note: To restrict LDAP access to specific users, use the UserAccountControl flags. For example, the entry below allows access to a normal user account: (&(sAMAccountName=%u) See Microsoft documentation for additional options. |
LDAP Username | User Principal Name (UPN) of the user account in LDAP: loginname@domain.suffix |
LDAP password for Username | Password for the account referenced in LDAP Username. |
Require a valid Vigilante user for login | Yes — Controls user authorization by requiring creation of a user account in the Sheriff CSM with the same username as in LDAP. No — A local account is not required for initial login. When using this option, the system automatically creates an LDAP-enabled local user account using the specified entity assignment and menu template. Local usernames are used to determine user permissions, for example, assigning menu templates and entities. An admin sets a password for the local account during its creation. After LDAP is set up, the local password is no longer used for authentication. If you choose No, you must select a default entity from the Entity for new user list and a default menu template from the Menus for new user list. You then assign these to users who should be authenticated by LDAP. |
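
The UserAccountControl flags mentioned for the Active Directory filter, and the Password never expires setting on the bind account, are bits in the same `userAccountControl` integer. The following Python code is an added example, not part of the Sheriff CSM documentation: it decodes that integer and checks an account against both concerns. The function names and the login policy are hypothetical, the sample values are constructed, and the bit values are the ones Microsoft documents for `userAccountControl`.

```python
from enum import IntFlag


class UAC(IntFlag):
    """Subset of Active Directory userAccountControl bits (Microsoft-documented values)."""
    ACCOUNTDISABLE = 0x0002
    PASSWD_NOTREQD = 0x0020
    NORMAL_ACCOUNT = 0x0200
    WORKSTATION_TRUST_ACCOUNT = 0x1000
    DONT_EXPIRE_PASSWORD = 0x10000
    TRUSTED_FOR_DELEGATION = 0x80000
    DONT_REQ_PREAUTH = 0x400000


def flag_names(value):
    """Names of the known flags set in a raw userAccountControl integer."""
    return [f.name for f in UAC if value & f]


def user_login_eligible(value):
    """Hypothetical policy: only enabled, normal user accounts may log in."""
    return bool(value & UAC.NORMAL_ACCOUNT) and not value & UAC.ACCOUNTDISABLE


def bind_account_findings(value):
    """Review the account entered as 'LDAP Username' (the bind account)."""
    findings = []
    if value & UAC.ACCOUNTDISABLE:
        findings.append("disabled")             # every LDAP-backed login fails
    if not value & UAC.DONT_EXPIRE_PASSWORD:
        findings.append("password_can_expire")  # logins break once it expires
    if value & UAC.PASSWD_NOTREQD:
        findings.append("blank_password_allowed")
    if value & UAC.DONT_REQ_PREAUTH:
        findings.append("kerberos_preauth_disabled")
    if value & UAC.TRUSTED_FOR_DELEGATION:
        findings.append("unconstrained_delegation")
    return findings


if __name__ == "__main__":
    # Constructed sample values, as read from the userAccountControl attribute.
    for uac in (512, 514, 4096, 66048):
        print(uac, flag_names(uac), user_login_eligible(uac), bind_account_findings(uac))
```

An empty findings list for the bind account means the per-account flags match the setup described above; domain password policy is applied separately and is not visible in this attribute.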