
Using LDAP

Using LDAP in a Multi-Tenant Configuration

Important
Genesys strongly recommends that, if there are multiple distributed Configuration Servers, all LDAP servers should be configured at the Tenant level to simplify the configuration of external authentication.

You can set LDAP configuration options at the Tenant level, in the Tenant object’s Annex. This activates external authentication only for users belonging to that Tenant. You can also override the Application-level settings at the Tenant level by configuring the following in the Tenant’s Annex:

      [authentication] library='internal'

This disables external authentication for all users who belong to that Tenant, and they are authenticated internally.

You can also configure multiple servers at the Tenant level, one each in a gauth_ldap_n section, as described in Configuring LDAP Servers.

Using LDAP Referrals

Starting in release 8.1.2, Configuration Server supports the use of LDAP referrals. This enables authentication to occur at an LDAP server other than the server to which Configuration Server sent the authentication request.

Important
Full referrals are supported for servers existing in a Microsoft Active Directory. Full referral is not yet supported for multiple directories contained in the referral. If the referral contains more than one server, only the first referral is processed; the rest of the referrals are ignored.

When Configuration Server sends a request to the LDAP Server, it may receive in response not an authentication result, but a referral to another server. If activated, Configuration Server searches for the referred server, binds to it, and reissues the authentication request.

To configure how Configuration Server handles referrals, or to deactivate the use of referrals, use the chase-referrals option (see chase-referrals) in the gauth_ldap or gauth_ldap_n section at the Tenant, Application, or User level.

Important
If the LDAP configuration at the customer site consists of multiple LDAP servers, Genesys recommends that you configure each Tenant and/or individual User to be authenticated using the LDAP server that holds the authentication information for those Users, instead of relying on referrals from a single LDAP server. Configuring Configuration Server to chase referrals might lead to delays during login, and increase the risk of login failures because of the timeout expiring. Use of referrals should be considered only if a small number of user accounts depend on it.

If connection to the referred server fails, Configuration Server applies its configured retry-interval (see retry-interval) and retry-attempts (see retry-attempts) to the LDAP server to which it originally sent the request.
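
The following sketch is an added example, not Genesys code. It models the rule above that only the first server in a referral is processed, and checks whether that server is one you have already configured, in which case the Tenant or User can be pointed at it directly instead of depending on the referral. The function names, the sample URLs, and the configured_hosts list are assumptions; the code does not read Genesys configuration.

```python
from urllib.parse import urlsplit, unquote

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}


def parse_ldap_url(url):
    """Split an LDAP URL (RFC 4516) into scheme, host, port and base DN."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError(f"not a usable LDAP referral URL: {url!r}")
    return {
        "scheme": scheme,
        "host": parts.hostname.lower(),
        "port": parts.port or DEFAULT_PORTS[scheme],
        "base_dn": unquote(parts.path.lstrip("/")),
    }


def triage_referral(referral_urls, configured_hosts):
    """Report which referred server would be chased and which are dropped.

    configured_hosts is supplied by the caller (hypothetical input): the hosts
    already listed in the gauth_ldap / gauth_ldap_n sections.
    """
    if not referral_urls:
        return None
    # Only the first referral is processed; the rest are ignored.
    chased = parse_ldap_url(referral_urls[0])
    ignored = [parse_ldap_url(u)["host"] for u in referral_urls[1:]]
    known = {h.lower() for h in configured_hosts}
    return {
        "chased": chased,
        "ignored_hosts": ignored,
        # True: this server is already configured, so the Tenant or User
        # could authenticate against it directly, without a referral.
        "already_configured": chased["host"] in known,
    }


# Constructed sample referral, not taken from a real directory.
SAMPLE_REFERRAL = [
    "ldap://dc-emea.example.com/DC=emea,DC=example,DC=com",
    "ldaps://dc-apac.example.com:636/DC=apac,DC=example,DC=com",
]

if __name__ == "__main__":
    print(triage_referral(SAMPLE_REFERRAL, ["dc-emea.example.com"]))
```

Users whose accounts live only on a server listed under ignored_hosts cannot be authenticated through the referral and need a directly configured server.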

This page was last edited on August 1, 2014, at 14:21.