This wizard helps you to create a new connection to a LDAP directory.
To start the wizard choose one of the following options:
In the Connections view select the New Connection... button or select New Connection... from the context menu.
In the Workbench window's toolbar, activate the drop-down menu on the New Wizard button and select LDAP Connection
In the Workbench menu bar select File > New > LDAP Connection .
The creation of a new LDAP connection is a four-step process:
The first page allows you to enter a connnection name and the network parameters.
Option | Description | Default |
---|---|---|
Connection name | The name of the connection. In the Connections view the connection is listed with this name. The name must be unique. | empty |
Hostname | The hostname or IP address of the LDAP server. A history of recently used hostnames is available through the drop-down list. | empty |
Port | The port of the LDAP server. The default port for non-encyrpted connections is 389. The default port for ldaps:// connections is 636. A history of recently used ports is available through the drop-down list. | 389 |
Encryption method | The encryption to use. Possible values are 'No encrypton', 'ldaps://' and 'StartTLS extension'. | No encryption |
Check network parameter | Use this function if you want validate that the entered information is correct and the server is reachable. | - |
On the second page you could specify the authentication parameters.
Option | Description | Default |
---|---|---|
Authentication Method |
Select your authentication method between:
| Simple Authentication |
Bind DN or user | The distinguished name or user ID used to bind. Previously entered DNs could be selected from drop-down list. | empty |
Bind Password | The password used to bind. | empty |
Save password | If checked the password will be saved in configuration. If not checked you have to enter the password whenever you connect to the server. Warning: The password is saved as plain text! | checked |
Check Authentication | Use this function if you want to attempt a connection plus a bind to the host upon completion of the wizard to validate that the entered information is correct. | - |
Additional authentication parameters for SASL and Kerberos:
Option | Description | Default |
---|---|---|
SASL Realm | The SASL Relam used to bind, only applicaple if DIGEST-MD5 is choosen. | empty |
Quality of Protection | The QoP to use: authentication only, with integrity protection, and with privacy protection | Authentication only |
Protection Strength | The protection strength to use | High |
Mutual Authentication | If checked mutual authentication is used, that means the server has to authenticate itself to the client. If unchecked only the client authenticates itself to the server. | unchecked |
Use native TGT | If checked the native credential cache is used, thus no additional authentication is necessary. Note that on Windows systems that requires a modification of the registry. | checked |
Object TGT from KDC | If checked a new TGT is obtained from the KDC. Username and password must be provided. | unchecked |
Use native system configuration | If checked the native Kerberos configuration is used (e.g. /etc/krb5.conf). | checked |
Use configuration file | If checked a custom configuration file could be used. | unchecked |
Use following configuration | If checked the Kerberos configuration parameters (realm, host, port) could be set in the dialog. | unchecked |
On the third page you could enter additional browser options .
Option | Description | Default |
---|---|---|
Get base DNs from Root DSE | If checked the base DNs are fetched from namingContexts attribute of the Root DSE. | checked |
Fetch Base DNs | Use this function to get the namingContext values from the Root DSE. The returned values will appear in the 'Base DN' drop-down list. | - |
Base DN | The base DN to use. You may enter a DN manually or you may select one from the drop-down list. This field is only enabled if the option 'Get base DNs from root DSE' is off. | empty |
Count Limit | Maximum number of entries returned from server when browsing the directory, it is also used as default value when searching the directory. A value of 0 means no count limit. Note that this value is a client-side value, its possible that also a server-side limit is used. | 1000 |
Time Limit | The maximum time in seconds the server searches for results. This is used as default value when browsing or searching the directory. A value of 0 means no limit. Note that this value is a client-side value, its possible that also a server-side limit is used. | 0 |
Alias Dereferencing | Specifies whether aliases should be dereferenced while finding the search base entry or when performing the search or both. To manage (create, modify, delete) alias objects you have to uncheck both options. | Both finding and searching |
Referrals Handling |
Specifies the referral handling.
| Follow Referrals manually |
Use ManageDsaIT control while browsing | If enabled the ManageDsaIT control is sent to the server in each request. This signals the directory server to not send referrals and search continuations, but return the special referral objects. This only works if the directory server supports the ManageDsaIT control. | unchecked |
Fetch subentries while browsing | If enabled enabled both, normal and subentries according to RFC 3672 are fetched. This causes additional search requests while browsing the directory. | unchecked |
Paged Search | If enabled the simple paged result control is used while browsing the directory. With the page size you could define how many entries should be retrieved in one request. If Scroll Mode is enabled only one page is fetched from the server at once while browsing, you could 'scroll' through the pages by using the 'next page' and 'top page' items. If disabled all entries are fetched from the server, the paged result control is only used in background to avoid server-side limits. | unchecked |
Fetch operational attributes while browsing | If enabled enabled both, user attributes and operational attributes are retrieved while browsing. If the server supports the feature 'All Operational Attributes' then a '+' is used to retrieve operational attributes, otherwise all operational attributes defined in the schema are requested. | unchecked |
On the fourth page you could enter additional edit options.
Option | Description | Default |
---|---|---|
Modify Mode |
Specify the modify mode for attributes with an equality matching rule.
Description of options:
| Optimized Modify Operations |
Modify Mode (no equality matching rule) |
Specify the modify mode for attributes with *no* equality matching rule.
Description of options:
| Optimized Modify Operations |
Modify Order | Specify the modify order when using add and delete operations. | Delete first |