Authentication Database Settings

You can set authentication databases.
When you use an LDAP server, depending on its specifications, you must prevent users from logging in with an empty password.
For details, see the password restrictions.

Adding Authentication Databases

Add an LDAP server as a Garoon authentication database.

Steps:
  1. Click the Administration menu icon (gear icon) in the header.

  2. Click System settings.

  3. Select the "Basic system administration" tab.

  4. Click Authentication.

  5. Click Authentication database.

  6. Click Add on the "Authentication database" screen.

  7. On the "Add Authentication Database - Step 1/2" screen, confirm that "LDAP" is selected as the authentication database type, and then click Next.

  8. On the "Add Authentication Database - Step 2/2" screen, set the required items.

    For details on the setting items, see the "Authentication Database Setting Items" section.

  9. Confirm your settings and click Add.

Authentication Database Setting Items

Set the following items for the authentication database.

Item
    Description

Name
    Enter a display name for the authentication database.
    The name must be set.

Use of SSL
    Select the check box to encrypt the contents sent to the server using TLS.

Server name
    Enter the server name of the authentication server you want to use.
    The server name must be one of the following.
      • FQDN of the LDAP server
      • Host name
      • IP address
    The server name must be set.

Port number
    Enter the port number that you want to use for authentication.
    This field is disabled if you are using TLS for communication with the server.
    The port number must be set.

Use Anonymous
    Select the check box to use the Anonymous user to communicate with the LDAP server.

Account name
    Enter the user who communicates with the LDAP server, in the DN format or in the e-mail address format (UserPrincipalName).
    This field is disabled when using Anonymous.
    The account name must be set.

Password
    Enter the password for the account.
    This field is disabled when using Anonymous.
    The password must be set.

Confirm Password
    Enter the password that you entered in the "Password" field.
    This field is disabled when using Anonymous.
    The confirmation password must be set.

Base DN for Search
    Enter the base DN for search.
    Example: dc=cybozu, dc=sample, dc=com

Search Filter
    Enter a search filter.
    Example: (sAMAccountName=%s)

Authentication type
    Select an authentication type.
    The following authentication types are available.
      • PlainText password (simple authentication)
      • SASL DIGEST-MD5
      • SASL CRAM-MD5

Connection conditions
    Select "Set connection conditions" only when you want to set conditions for connecting to an LDAP server.
      • Login name:
        Specify the login name for the LDAP server by using one of the following conditions.
        Up to 100 characters can be entered.
        • Prefix is equal to:
          Specify the prefix of the login name.
          Example: "ldap_○○○"
        • Suffix is equal to:
          Specify the suffix of the login name.
          Example: "○○○_ldap"
      • Exclude prefix or suffix from login name for authentication:
        Select the check box to exclude the prefix or suffix that you configured above from the login name when authenticating users on an LDAP server.
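
The following is an added example, not Garoon's own code, that illustrates how the "Search Filter" and "Connection conditions" items and the empty-password note at the top of this page fit together for one login attempt. The setting names, sample values, and the exact order of checks are assumptions made for illustration.

```python
# Added example; setting names and values are constructed, not Garoon's own.
SETTINGS = {
    "search_filter": "(sAMAccountName=%s)",
    "condition": ("prefix", "ldap_"),  # or ("suffix", "_ldap"), or None
    "exclude_affix": True,
}

def matches_condition(login, condition):
    """True if this authentication database should handle the login name."""
    if condition is None:
        return True
    kind, value = condition
    return login.startswith(value) if kind == "prefix" else login.endswith(value)

def directory_name(login, condition, exclude_affix):
    """Login name as looked up in LDAP, minus the prefix/suffix if configured."""
    if condition is None or not exclude_affix:
        return login
    kind, value = condition
    if kind == "prefix":
        return login[len(value):]
    return login[:len(login) - len(value)]

def escape_filter_value(value):
    """RFC 4515 escaping, so the login name cannot change the filter's structure."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value
    )

def build_search_filter(login, password, settings):
    """Return the LDAP search filter for this attempt, or None to refuse it."""
    # A simple bind with a DN and a zero-length password is an "unauthenticated
    # bind" (RFC 4513, 5.1.2); some servers report success for it, so refuse here.
    if not password:
        return None
    condition = settings["condition"]
    if not matches_condition(login, condition):
        return None
    name = directory_name(login, condition, settings["exclude_affix"])
    if not name:
        return None
    return settings["search_filter"].replace("%s", escape_filter_value(name))

if __name__ == "__main__":
    for login, pw in [("ldap_alice", "s3cret"), ("ldap_alice", ""),
                      ("alice", "s3cret"), ("ldap_*)(uid=*", "x")]:
        print(repr(login), "->", build_search_filter(login, pw, SETTINGS))
```
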

Changing Authentication Databases

Change the authentication database's display name, server name, and so on.
You cannot change the settings of the standard database.

Steps:
  1. Click the Administration menu icon (gear icon) in the header.

  2. Click System settings.

  3. Select the "Basic system administration" tab.

  4. Click Authentication.

  5. Click Authentication database.

  6. On the "Authentication database" screen, click the display name of the authentication database you want to change.

  7. On the "Authentication Database Details" screen, click Edit.

  8. On the "Change Authentication Database" screen, change the settings as necessary.

  9. Confirm your settings and click Save.

Reordering Authentication Databases

If multiple authentication databases have been added by the administrator, you can reorder them.
However, the standard database cannot be reordered. It always appears at the top.

Steps:
  1. Click the Administration menu icon (gear icon) in the header.

  2. Click System settings.

  3. Select the "Basic system administration" tab.

  4. Click Authentication.

  5. Click Authentication database.

  6. On the "Authentication Database" screen, click Reorder authentication databases.

  7. On the "Reorder Authentication Databases" screen, change the display order of authentication databases.

  8. Confirm your settings and click Save.

Deleting Authentication Databases

You can delete an authentication database.
If you delete an authentication database that is used for login authentication and session authentication, the authentication database used for authentication is automatically replaced by the standard database.
You cannot delete the standard database.

Steps:
  1. Click the Administration menu icon (gear icon) in the header.

  2. Click System settings.

  3. Select the "Basic system administration" tab.

  4. Click Authentication.

  5. Click Authentication database.

  6. On the "Authentication Database" screen, select the check box for the authentication database you want to delete, and then click Delete.

  7. Click Yes on the "Delete all authentication databases" screen.