Creating LDAP authentication realms

You can create LDAP authentication realms to manage user access.

To manage authentication realms, you must have the Manage Security Realms system permission.
  1. From the IBM® UrbanCode™ Release dashboard, click Manage Security, and then click Manage Authentication Realms.
  2. On the Manage Authentication Realms page, click Add New.
  3. In the Name field, enter a name for the authentication realm.
  4. In the Authorization list, select the authorization realm.
  5. In the Type list, select LDAP or Active Directory.
  6. If you want the new realm to be enabled, ensure that the Enabled box is selected.
    New realms are enabled by default.
  7. Define the realm by completing the following parameters:
    Table 1. Authentication Realm properties

    | Field | Description |
    | --- | --- |
    | LDAP URL | URL to the LDAP server, beginning with ldap:// or ldaps://. Separate servers with spaces. |
    | User Search Base | When you search multiple directories, this parameter specifies the starting directory that is used for searches, such as ou=employees,dc=mydomain,dc=com. |
    | User Search Filter | When you search multiple directories, this parameter specifies the LDAP filter expression that is used to search for user entries. The name is substituted in place of {0} in the pattern, such as uid={0}. If the value is not part of the DN pattern, wrap the value in parentheses, such as (accountName={0}). |
    | Search User Subtree | When you search multiple directories, check this box to search directories below the base directory. |
    | Search Connection DN | The complete distinguished name to use when you bind to LDAP for searches. If not specified, an anonymous connection is made. |
    | Search Connection Password | The password that is used when you bind to LDAP. |
    | Name Attribute | Contains the user's name, as set in LDAP. |
    | Phone Attribute | Contains the user's phone number, as set in LDAP. Note: This field is available if the Phone Numbers switch on the System Settings page is enabled. |
    | Email Attribute | Contains the user's email address, as set in LDAP. |
    | Allowed Failed Login Attempts | Number of failed attempts before the user is locked out. To disable this feature, enter 0. |
  8. Click Save.
When a new user logs on using their LDAP credentials, a corresponding IBM UrbanCode Release user is created.
Import users from the LDAP authentication realm. Users that match the search criteria are imported into IBM UrbanCode Release and user accounts are created for them. In addition, groups that the imported users belong to are imported from the related authorization realm. After users and groups are imported, assign them to teams. Users without team assignments are limited to view-only permissions.
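
The following pre-save check for the realm fields in Table 1 is an added example, not IBM UrbanCode Release code. It flags unencrypted LDAP URLs, anonymous search binds, and disabled lockout, and shows the {0} substitution with the login name escaped per RFC 4515. The dictionary keys and function names are hypothetical, and how the product performs the substitution internally is an assumption.

```python
from urllib.parse import urlsplit

# RFC 4515 escapes for characters that are special inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a login name so it is treated as data, not filter syntax."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(pattern: str, username: str) -> str:
    """Substitute the escaped name for {0}, as the User Search Filter describes."""
    if "{0}" not in pattern:
        raise ValueError("User Search Filter must contain the {0} placeholder")
    return pattern.replace("{0}", escape_filter_value(username))


def review_realm(settings: dict) -> list:
    """Return findings for the realm fields that affect credential exposure."""
    findings = []
    urls = settings.get("ldap_url", "").split()  # servers are space-separated
    for url in urls:
        scheme = urlsplit(url).scheme.lower()
        if scheme == "ldap":
            findings.append(f"{url}: ldap:// does not require TLS")
        elif scheme != "ldaps":
            findings.append(f"{url}: must begin with ldap:// or ldaps://")
    if not settings.get("search_connection_dn"):
        findings.append("no Search Connection DN: searches bind anonymously")
    if "{0}" not in settings.get("user_search_filter", ""):
        findings.append("User Search Filter lacks the {0} placeholder")
    if settings.get("allowed_failed_logins", 0) == 0:
        findings.append("Allowed Failed Login Attempts is 0: lockout disabled")
    return findings


# Constructed sample values; the dictionary keys are hypothetical names.
SAMPLE = {
    "ldap_url": "ldap://dir1.example.com ldaps://dir2.example.com:636",
    "user_search_filter": "(accountName={0})",
    "search_connection_dn": "",
    "allowed_failed_logins": 0,
}

if __name__ == "__main__":
    for finding in review_realm(SAMPLE):
        print("WARN", finding)
    print(build_user_filter(SAMPLE["user_search_filter"], "smith*(ops)"))
```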