Connecting to a Directory Server

This section provides instructions for connecting to an external LDAP or Active Directory server. When you connect Anzo to a directory server, Anzo inherits the user account information and groups from that server. Once the user and group information becomes available in Anzo, you must add the users or groups to Anzo roles to enable and control access to Anzo features.

To connect to a directory server and map user and role data:

  1. In the Anzo console, expand the Administration menu and click Directory. Anzo displays the Directory screen.

  2. On the Directory screen, click the Create New Server button. Anzo displays the Create New Server Configuration screen.

  3. Enter the connection details for the LDAP or Active Directory server:
    • Host: The host name or IP address for the server.
    • Port: The port to use to connect to the directory server.
    • SSL Connection: Indicates whether the directory server uses an SSL connection. Select the SSL Connection checkbox to enable the SSL connection. Make sure that you upload the directory server's certificate to the Anzo server by following the instructions in Uploading a Signed Certificate to Anzo.
    • Anonymous Bind: This option indicates whether you want Anzo to connect to the directory server anonymously. To avoid Anzo login problems, make sure the directory server allows anonymous binding and searches when bound anonymously. Select the Anonymous Bind checkbox to enable anonymous binding.
    • User DN: The full distinguished name of the account that Anzo will bind against to perform searches on the directory server.
    • Password and Confirm Password: The password for the User DN.
  4. Click Save to save the server configuration and return to the Directory screen.
  5. On the Directory screen, click the User Configs tab. To configure the mapping attributes for users, click the Create New User Config button. Anzo displays the Create New Config dialog box.

  6. Provide the following details to map user information:
    • ID: Defines the unique name for this user configuration. Anzo uses this value as a namespace for usernames in case you connect to multiple directories with conflicting names.
    • User Base DN: The LDAP distinguished name that contains all of the Anzo system users.
    • LDAP Filter: An optional LDAP filter to apply when searching for users (usually left blank).
    • Attribute mapping information:
      • http://www.w3.org/1999/02/22-rdf-syntax-ns#type: The LDAP object class of the accounts that are allowed to log in. Typically person.
      • http://openanzo.org/ontologies/2008/07/System#user: The attribute that contains user login information. Typically uid.
      • http://xmlns.com/foaf/0.1/name: The LDAP attribute that contains users' full names. Typically cn.
      • http://xmlns.com/foaf/0.1/title: The LDAP attribute that contains users' job titles. Typically title.
      • http://xmlns.com/foaf/0.1/surname: The LDAP attribute that contains users' surnames. Typically sn.
      • http://xmlns.com/foaf/0.1/phone: The LDAP attribute that contains user phone numbers. Typically telephoneNumber.
      • http://xmlns.com/foaf/0.1/mbox: The LDAP attribute that contains users' email addresses. Typically mail.
      • http://openanzo.org/ontologies/2008/07/Anzo#location: The LDAP attribute that contains user location information.
      • http://xmlns.com/foaf/0.1/img: The LDAP attribute that contains images for users.
      • http://xmlns.com/foaf/0.1/givenname: The LDAP attribute that contains users' given (first) names. Typically givenName.
      • http://purl.org/dc/elements/1.1/description: The LDAP attribute that contains user descriptions. Typically description.
      • http://openanzo.org/ontologies/2008/07/Anzo#companyDepartment: The LDAP attribute that contains user department information. Typically department.
  7. Click Save to save the user configuration and return to the Directory screen.
  8. On the Directory screen, click the Role Configs tab. To configure the mapping information for roles, click the Create New Role Config button. Anzo displays the Create New Config dialog box.

  9. Provide the following details to map role information:
    • ID: Defines the unique name for this role configuration.
    • Base DN: The LDAP distinguished name that contains all of the system roles.
    • LDAP Filter: An optional LDAP filter to apply when searching for roles (usually left blank).
    • Attribute mapping information for the role:
      • http://www.w3.org/1999/02/22-rdf-syntax-ns#type: The group object class of the type of roles. Typically groupofnames.
      • http://xmlns.com/foaf/0.1/name: The LDAP attribute that contains the names of the roles.
      • http://xmlns.com/foaf/0.1/member: The LDAP attribute that lists the members of a group. Typically member or uniqueMember.
      • http://openanzo.org/ontologies/2008/07/Anzo#permission: The LDAP attribute that contains the permissions for the roles.
      • http://purl.org/dc/elements/1.1/description: The LDAP attribute that contains role descriptions.
  10. Click Save to save the role configuration and return to the Directory screen.
  11. At the top of the Directory screen, click the Default login namespace drop-down and choose the user configuration to use as the default namespace, that is, the namespace Anzo searches when a user does not qualify their username with an @ suffix. Internal indicates internal Anzo users who are added via the Anzo console. The other options are the IDs that you specified when you created the user configurations.
  12. Restart Anzo to complete the configuration.

The user and group information from the server becomes available in Anzo. To enable and control access to Anzo features, add the users or groups to Anzo roles. See Managing Roles for instructions.
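The following is an added example, not Anzo code, that models what the user config, role config and Default login namespace settings above do to directory data: it maps person entries onto users qualified as login@ID, resolves group member DNs onto those users, and applies the default-namespace rule to an unqualified login. The directory contents, config IDs, DNs and the `DirectoryConfig` class are all constructed for the example. It deliberately includes a non-person service account under the user Base DN (excluded by the type mapping) and a stale member DN in a group (reported rather than silently kept), because those are the two cases most worth checking before adding directory groups to Anzo roles.

```python
from dataclasses import dataclass

# Predicate URIs from the Anzo user and role config dialogs
RDF_TYPE = "http://www.w3.org/1999/02/22-rdf-syntax-ns#type"
SYS_USER = "http://openanzo.org/ontologies/2008/07/System#user"
FOAF_NAME = "http://xmlns.com/foaf/0.1/name"
FOAF_MBOX = "http://xmlns.com/foaf/0.1/mbox"
FOAF_MEMBER = "http://xmlns.com/foaf/0.1/member"

# Constructed directory contents (DN -> attributes). LDAP attributes are multi-valued.
DIRECTORY = {
    "uid=alice,ou=people,dc=example,dc=com": {
        "objectClass": ["inetOrgPerson", "person"],
        "uid": ["alice"], "cn": ["Alice Example"], "mail": ["alice@example.com"],
    },
    "uid=bob,ou=people,dc=example,dc=com": {
        "objectClass": ["inetOrgPerson", "person"],
        "uid": ["bob"], "cn": ["Bob Example"], "mail": ["bob@example.com"],
    },
    # Service account under the same base DN: not a person, so the type mapping excludes it.
    "cn=svc-anzo,ou=people,dc=example,dc=com": {
        "objectClass": ["applicationProcess"], "cn": ["svc-anzo"],
    },
    "cn=analysts,ou=groups,dc=example,dc=com": {
        "objectClass": ["groupOfNames"],
        "cn": ["analysts"],
        # uid=ghost is a stale member DN with no matching entry in the directory.
        "member": ["uid=alice,ou=people,dc=example,dc=com",
                   "uid=bob,ou=people,dc=example,dc=com",
                   "uid=ghost,ou=people,dc=example,dc=com"],
    },
}


def search(base_dn, object_class):
    """Entries below base_dn whose objectClass contains object_class (case-insensitive, as in LDAP)."""
    want = object_class.lower()
    hits = {}
    for dn, attrs in DIRECTORY.items():
        if not dn.lower().endswith("," + base_dn.lower()):
            continue
        if want in [c.lower() for c in attrs.get("objectClass", [])]:
            hits[dn] = attrs
    return hits


@dataclass(frozen=True)
class DirectoryConfig:
    id: str        # config ID; doubles as the username namespace
    base_dn: str   # User Base DN or role Base DN
    mapping: dict  # predicate URI -> LDAP attribute name (or object class for RDF_TYPE)


def load_users(cfg):
    """Map matching person entries to user records keyed by DN; each gets 'login@<config ID>'."""
    users = {}
    login_attr = cfg.mapping[SYS_USER]
    for dn, attrs in search(cfg.base_dn, cfg.mapping[RDF_TYPE]).items():
        if not attrs.get(login_attr):
            continue  # no login attribute means the account can never sign in; skip it
        record = {pred: attrs.get(attr, [None])[0]
                  for pred, attr in cfg.mapping.items() if pred != RDF_TYPE}
        record["qualified_name"] = f"{record[SYS_USER]}@{cfg.id}"
        users[dn] = record
    return users


def load_roles(cfg, users_by_dn):
    """Map group entries to role name -> sorted member logins; unresolved member DNs are reported."""
    roles, unresolved = {}, {}
    member_attr = cfg.mapping[FOAF_MEMBER]
    for dn, attrs in search(cfg.base_dn, cfg.mapping[RDF_TYPE]).items():
        name = attrs[cfg.mapping[FOAF_NAME]][0]
        members = []
        for member_dn in attrs.get(member_attr, []):
            user = users_by_dn.get(member_dn)
            if user is None:
                unresolved.setdefault(name, []).append(member_dn)
            else:
                members.append(user["qualified_name"])
        roles[name] = sorted(members)
    return roles, unresolved


def resolve_login(username, default_namespace, users_by_dn, internal_users=()):
    """Default login namespace rule: an unqualified username is looked up in the default
    namespace, 'Internal' for console-created users or a user config ID for directory users."""
    login, _, ns = username.partition("@")
    ns = ns or default_namespace
    if ns == "Internal":
        return login if login in internal_users else None
    for user in users_by_dn.values():
        if user["qualified_name"] == f"{login}@{ns}":
            return user["qualified_name"]
    return None


# Constructed configs matching the "Typically ..." defaults in the procedure above
USER_CFG = DirectoryConfig("corp", "ou=people,dc=example,dc=com",
                           {RDF_TYPE: "person", SYS_USER: "uid", FOAF_NAME: "cn", FOAF_MBOX: "mail"})
ROLE_CFG = DirectoryConfig("corp", "ou=groups,dc=example,dc=com",
                           {RDF_TYPE: "groupOfNames", FOAF_NAME: "cn", FOAF_MEMBER: "member"})

if __name__ == "__main__":
    users = load_users(USER_CFG)
    roles, unresolved = load_roles(ROLE_CFG, users)
    print(roles, unresolved, resolve_login("alice", "corp", users))
```

Running the script prints the analysts role with alice@corp and bob@corp, the stale uid=ghost DN under unresolved members, and alice@corp for the unqualified login when corp is the default namespace. Against a real directory the same checks are worth running with the bind account and Base DNs you entered in steps 3, 6 and 9 before you add the resulting groups to Anzo roles.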