Configuring LDAP Simple Bind authentication
You must configure the LDAP Simple Bind settings to use this authentication method.
About this task
To configure the LDAP Simple Bind authentication method, complete the following steps:
Procedure
- In the IBM® MFA GUI, click the Authentication Methods tab.
- Select the LDAP Simple Bind authentication method.
- Use the following table to specify the settings for the LDAP Simple Bind authentication method:

Table 1. LDAP Simple Bind Authentication Method Attributes

| Setting | Allowed Values | Description |
|---|---|---|
| Trace Level | 0 through 3 | The trace level used for tracing events. Valid values are 0 through 3, where a higher number increases the level of verbosity. The default is zero. |
| LDAP Primary Server | Valid host name or IP address | The hostname (or IP address) of the primary LDAP server. The hostname must be sufficiently qualified for web clients to resolve the hostname. |
| LDAP Primary Server Port | Valid port number | The port number used on the primary LDAP server for authentication. Default: 636. |
| LDAP Secondary Server | Valid host name or IP address | The hostname (or IP address) of the secondary LDAP server. This is required only if you have multiple servers. The default is blank. The hostname must be sufficiently qualified for web clients to resolve the hostname. |
| LDAP Secondary Server Port | Valid port number | The port number used on the secondary LDAP server for authentication. This is required only if you have multiple servers. The default is 0. |
| LDAP Tertiary Server | Valid host name or IP address | The hostname (or IP address) of the tertiary LDAP server. This is required only if you have multiple servers. The default is blank. The hostname must be sufficiently qualified for web clients to resolve the hostname. |
| LDAP Tertiary Server Port | Valid port number | The port number used on the tertiary LDAP server for authentication. This is required only if you have multiple servers. The default is 0. |
| Receive Timeout | Number of seconds, from 1 through 180 | The number of seconds a server is allowed to take before a retry will occur if there is no response. The default is 3 seconds. |
| Trusted CAs Path | Valid path name | The location of the PEM file containing the LDAP server CAs that will be trusted by the server. |

- Click Save.
- Restart the IBM MFA daemon, as described in Restarting the IBM MFA server.
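
A pre-flight check for the values in Table 1, added here as an example (it is not IBM code): it validates the ranges the table gives, then attempts a TLS handshake with each configured server while trusting only the CAs in the Trusted CAs PEM file. The dictionary keys are hypothetical names for the GUI fields, and the check assumes the servers accept LDAP over TLS on the configured port, as the default of 636 suggests.

```python
import socket
import ssl

ROLES = ("primary", "secondary", "tertiary")
DEFAULT_PORTS = {"primary": 636, "secondary": 0, "tertiary": 0}  # defaults from Table 1

def trust_context(ca_path):
    """TLS client context that trusts only the CAs in the given PEM file."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # verifies chain and host name
    ctx.load_verify_locations(cafile=ca_path)
    return ctx

def check_settings(s):
    """Return a list of problems with the settings dict (empty list means OK)."""
    problems = []
    if not 0 <= s.get("trace_level", 0) <= 3:
        problems.append("trace_level must be 0 through 3")
    if not 1 <= s.get("receive_timeout", 3) <= 180:
        problems.append("receive_timeout must be 1 through 180 seconds")
    if not s.get("primary_server"):
        problems.append("primary_server is required")
    for role in ROLES:
        port = s.get(role + "_port", DEFAULT_PORTS[role])
        if s.get(role + "_server") and not 1 <= port <= 65535:
            problems.append(f"{role}_port must be 1-65535 when {role}_server is set")
    try:
        if not s.get("trusted_cas_path"):
            raise ValueError("no path given")
        trust_context(s["trusted_cas_path"])
    except (OSError, ValueError) as exc:  # missing file, or no PEM certificate in it
        problems.append(f"trusted_cas_path unusable: {exc}")
    return problems

def probe(s):
    """TLS-handshake with each configured server; return {role: 'ok' or error}."""
    ctx, results = trust_context(s["trusted_cas_path"]), {}
    for role in (r for r in ROLES if s.get(r + "_server")):
        addr = (s[role + "_server"], s.get(role + "_port", DEFAULT_PORTS[role]))
        try:
            with socket.create_connection(addr, timeout=s.get("receive_timeout", 3)) as raw:
                with ctx.wrap_socket(raw, server_hostname=addr[0]):
                    results[role] = "ok"
        except OSError as exc:  # refused, timed out, or certificate not trusted
            results[role] = f"failed: {exc}"
    return results

if __name__ == "__main__":
    # Constructed sample values; replace them with the ones entered in the GUI.
    cfg = {"primary_server": "ldap1.example.com", "trusted_cas_path": "/path/to/ldap-cas.pem"}
    print(check_settings(cfg) or probe(cfg))
```

A `failed:` result that mentions certificate verification means the PEM file does not contain the CA that issued that server's certificate, or the configured host name does not match the certificate.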