Configure LDAP Authentication

To enable LDAP authentication you must configure both a security profile, in either the security.properties file or the Security area of Tenant Properties, and a Login Policy. The task below starts with the security properties; however, you may configure the Login Policy before the security properties.

  1. Open the security settings in one of two ways:
    • Navigate to the configuration folder in the application’s directory and open the security.properties file in Notepad; it lists the default file path locations for each component. The default location is C:\Program Files\<Application Name>\configuration\security.properties. [1]
    • Navigate to System > Tenant Properties > Security table. [2]
  2. In security.profiles=SECURITY-WEB [3], enter the security profile for LDAP; for example: security.profiles=SECURITY-WEB-LDAP
  3. Optional - To enable multiple profiles, enter the desired security profiles separated by commas; for example: security.profiles=SECURITY-WEB-LDAP,SECURITY-KERBEROS,SECURITY-WEB

    Note: there is no space after the comma, and be sure to set all applicable settings for each security profile you enter.

  4. In security.ldap.domain, enter your company’s domain name; for example, Kronos.com
  5. In security.ldap.userDn, enter the distinguished name (DN) of the account used to connect to the LDAP directory.
  6. In security.ldap.password, enter the password that corresponds to the account in the previous step.
  7. In security.ldap.userDnPatterns, enter the user DN pattern. Refer to the security.properties file for format specifics.
  8. Save the file to confirm your settings.
  9. Stop and restart the application to apply your new settings.
  10. Go to: Setup > Login Policy to create a new Login Policy.
  11. Click Add to create a new Login Policy, or click an existing Login Policy to edit it.
  12. In Active Directory/LDAP, select the check box Authenticate via Active Directory/LDAP.
  13. Click Save.
  14. Assign this login policy to personnel who will be using AD/LDAP authentication.

    Important: Be sure the person’s Login ID or User ID matches the one used by the external provider. For example, if the AD Login ID is set to use the username without the domain prefix or suffix extension and the person’s domain login ID is John.Doe@kronos.com, then their Login ID for this application will be: “John.Doe”.

LDAP Directory Sample Settings

security.ldap.domain=ldaps://ldap.yourCompany.com;636/dc=yourCompany,dc=com
security.ldap.userDn=cn=Manager,dc=yourCompany,dc=com
security.ldap.password=#######
# Set multiple DN patterns by separating them with a ‘^’ character; {0} is replaced by the username in each pattern.
# e.g. uid={0},ou=people^uid={0},ou=orgs
security.ldap.userDnPatterns=uid={0},ou=people
[1] Applicable prior to application version 7.4.
[2] Applicable as of application version 7.4.
[3] The default security.profiles is SECURITY-WEB.
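As an added check (example code written for this page, not part of the product), the script below parses a constructed security.properties in the format shown above and flags the mistakes the procedure warns about: a space after the comma in security.profiles, LDAP keys missing while SECURITY-WEB-LDAP is enabled, a DN pattern without the {0} placeholder, and a domain that is not ldaps://. It also derives the application Login ID from a domain login as in the Important note.

```python
# Constructed sample that mirrors the page's sample settings; not a real deployment file.
SAMPLE_PROPERTIES = """\
security.profiles=SECURITY-WEB-LDAP,SECURITY-WEB
security.ldap.domain=ldaps://ldap.yourCompany.com;636/dc=yourCompany,dc=com
security.ldap.userDn=cn=Manager,dc=yourCompany,dc=com
security.ldap.password=#######
security.ldap.userDnPatterns=uid={0},ou=people^uid={0},ou=orgs
"""

REQUIRED_LDAP_KEYS = ("security.ldap.domain", "security.ldap.userDn",
                      "security.ldap.password", "security.ldap.userDnPatterns")


def parse_properties(text: str) -> dict:
    """Minimal Java-style .properties reader: key=value lines, '#' comments ignored."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value  # value kept verbatim so a stray space stays visible
    return props


def check_ldap_config(props: dict) -> list:
    """Return findings; an empty list means the LDAP settings are consistent with the procedure."""
    findings = []
    raw_profiles = props.get("security.profiles", "SECURITY-WEB")  # SECURITY-WEB is the default
    if " " in raw_profiles:
        findings.append("security.profiles contains a space; separate profiles with a bare comma")
    profiles = [p.strip() for p in raw_profiles.split(",")]
    if "SECURITY-WEB-LDAP" not in profiles:
        return findings + ["SECURITY-WEB-LDAP is not enabled; LDAP settings are ignored"]
    for key in REQUIRED_LDAP_KEYS:
        if not props.get(key):
            findings.append(f"{key} is missing or empty")
    domain = props.get("security.ldap.domain", "")
    if domain and not domain.startswith("ldaps://"):
        findings.append("security.ldap.domain is not ldaps://; the bind password would cross the network unencrypted")
    for pattern in props.get("security.ldap.userDnPatterns", "").split("^"):
        if pattern and "{0}" not in pattern:
            findings.append(f"DN pattern '{pattern}' lacks the {{0}} username placeholder")
    return findings


def login_id_from_domain_login(domain_login: str) -> str:
    """Login ID the application expects when AD uses the bare username: John.Doe@kronos.com -> John.Doe."""
    return domain_login.split("@", 1)[0]
```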