Adding a new LDAP configuration

Getting there

To create and manage your LibAuth profiles, go to LibApps > Admin > LibAuth Authentication.

Navigating to the Manage Authentication page


Before you begin

Although LibAuth does support LDAP, please note that it is a far more complicated service to work with than SAML or CAS. In addition, unlike SAML and CAS, group permissions are not supported with LDAP. If your institution supports either SAML (including Shibboleth & ADFS) or CAS, we highly recommend using one of those options instead of LDAP.

If you would like to proceed with setting up your new LDAP configuration, you'll want to work with your IT staff on the following:

Permissions

  • Your IT staff must make sure that your LDAP server port (typically 389, 636, or 3269) is open to our server's IP address, as indicated on the LDAP configuration page. Our IP address varies by region, as follows:
    • Canadian customers: 52.60.190.144
    • European customers: 34.251.14.142
    • Asia-Pacific customers: 13.237.173.81
    • All other customers: 54.235.93.96

Server Information

  • Obtain the following information for your LDAP server from your IT staff:
    • URL to your LDAP service, starting with ldap:// or ldaps://
    • The port number on which your LDAP service is running (e.g. 389, 636, or 3269)
  • Obtain the following LDAP parameters from your IT staff (note that Springshare uses LDAP Prefix + Username + LDAP Postfix to build the binding string for authentication):
    • LDAP Prefix
      • Please note that a prefix is typically needed for most configurations.
      • The exact prefix depends upon how your system is set up. If you haven't already, please consult your IT staff for the correct prefix to use.
    • LDAP Postfix (if you provided a prefix, the postfix must begin with a comma)
      • Please note that a postfix is always needed.
      • The exact postfix depends upon how your system is set up. If you haven't already, please consult your IT staff for the correct postfix to use.
      • To use multiple postfixes, separate each with a | (pipe) and no spaces
    • Search base (this allows you to specify the base Distinguished Name, including the Organizational Unit (OU) and Domain Component (DC), for your organization)
    • Search username (this is the name of the LDAP field that will be searched)
      • In most (but not all) cases, this will be uid.
    • Init binding string (this is the binding string required by some LDAP servers in order to release attributes)
      • Enter the full path, which will look something like cn=ldapreader,dc=plsinfo,dc=org (depending upon how your system is configured).
    • Binding password (this is the binding password required by some LDAP servers in order to release attributes)
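
The binding-string rules above, as an added example (not Springshare's code): a Python check that IT staff could run on the values before entering them, listing problems and the bind strings a test username would produce. The host name, usernames and DNs are constructed placeholders, and escaping the username per RFC 4514 is an assumption; the page does not say how LibAuth treats special characters in usernames.

```python
# Added example, not Springshare code. From the page: Prefix + Username +
# Postfix, the leading-comma rule, the | separator. The rest is assumed.
from urllib.parse import urlparse

TLS_PORTS = {636, 3269}    # ports normally served over TLS (ldaps://)
DN_SPECIALS = '\\,+"<>;='  # RFC 4514 specials, plus '=' (may also be escaped)

def escape_dn_value(value):
    """Escape a username so it stays one attribute value inside a DN."""
    chars = ["\\" + c if c in DN_SPECIALS else c for c in value]
    if chars and chars[0] in ("#", " "):
        chars[0] = "\\" + chars[0]
    if len(chars) > 1 and chars[-1] == " ":
        chars[-1] = "\\ "
    return "".join(chars)

def check_config(url, port, prefix, postfix):
    """Return a list of problems with the values (empty list: none found)."""
    problems = []
    scheme = urlparse(url).scheme
    if scheme not in ("ldap", "ldaps"):
        problems.append("URL must start with ldap:// or ldaps://")
    elif scheme == "ldap" and port in TLS_PORTS:
        problems.append("port %d expects ldaps://" % port)
    elif scheme == "ldap":
        problems.append("ldap:// is unencrypted unless StartTLS is used")
    if not postfix:
        return problems + ["a postfix is always needed"]
    for part in postfix.split("|"):
        if not part or part != part.strip():
            problems.append("separate postfixes with | and no spaces")
        elif prefix and not part.startswith(","):
            problems.append("postfix %r must begin with a comma" % part)
    return problems

def bind_strings(username, prefix, postfix):
    """Build Prefix + Username + Postfix once per pipe-separated postfix."""
    # Assumption: escape only for DN-style binds (a prefix such as "uid=").
    user = escape_dn_value(username) if prefix else username
    return [prefix + user + part for part in postfix.split("|")]

if __name__ == "__main__":
    # Constructed sample values; example.org is a placeholder directory.
    postfix = ",ou=staff,dc=example,dc=org|,ou=students,dc=example,dc=org"
    print(check_config("ldaps://ldap.example.org", 636, "uid=", postfix))
    for dn in bind_strings("jdoe", "uid=", postfix):
        print(dn)
```

A username containing a comma, such as the constructed `doe,ou=admins`, comes out as `uid=doe\,ou\=admins,ou=staff,...`, so it cannot change which entry the bind string names.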

Attributes

  • Obtain the attributes used for First Name, Last Name, and Email from your IT staff

Your mileage may vary: we understand that everyone's authentication system may be set up differently than what's considered standard. Because we can't anticipate all of the possible setup variations, your mileage may vary from what's covered in these guides. Please work closely with your IT staff and don't hesitate to contact Springy Support if you need any help!

Adding a new LDAP configuration

  1. If you have not yet created a LibAuth configuration, skip to Step 2. Otherwise, click on the Add Configuration button to create another one.
  2. Below the Search for Your Institution dropdown, click on the Manual Configuration link.
  3. Select LDAP as your authentication protocol.
  4. Configure your server information & parameters.
    1. Enter the LDAP URL provided by your IT staff
    2. Enter the LDAP Port number for your server, as indicated by your IT staff
    3. Enter the LDAP Prefix provided by your IT staff
    4. Enter the LDAP Postfix provided by your IT staff
    5. Enter the Search Base provided by your IT staff
    6. Enter the Search Username provided by your IT staff
    7. Enter the Init Binding String provided by your IT staff
    8. Enter the Binding Password provided by your IT staff
  5. Configure the attributes released from your server.
    1. Enter the field name of the attribute that contains the user's first name. (Optional, but recommended.)
    2. Enter the field name of the attribute that contains the user's email address. (Required.)
    3. Enter the field name of the attribute that contains the user's last name. (Optional, but recommended.)
  6. Give your configuration a name.
  7. If you'd like, you can also provide notes or details about this configuration for your reference.
  8. Select "Yes" or "No" to indicate if you would like to use your LibAuth configuration to sign into LibApps. This will give staff the option of signing in using your authentication system, or with their LibApps username and password.
  9. Click the Save Configuration button.

Screenshot of the Add Configuration button

Clicking to set up a manual configuration

Example of setting up a SAML configuration 
