
LDAP Authentication Configuration Guide

Step-by-Step Setup for Secure LDAP Integration with Innoslate Enterprise

Prerequisites

Before configuring LDAP authentication, ensure the following requirements are met:

  • Innoslate Installation: Innoslate must be installed using the provided installer.

  • LDAP Server: An LDAP server must be installed, running, and accessible from the machine where Innoslate is installed.

  • Firewall Configuration: Ensure that Innoslate can communicate through the firewall with the LDAP server on the server’s configured communication port.

  • Authorization Information: Provide authorization credentials for a technical user or admin of the LDAP server, or enable anonymous binds by allowing anonymous access to the LDAP server for search queries.

  • Settings File: Locate the settings.properties file within the Innoslate installation directory at the following path:
    C:\Innoslate4\apache-tomcat-8.5.30\webapps\innoslate4\WEB-INF

  • Organizational Units (OUs): Innoslate’s LDAP authentication does not support configurations with multiple OUs. It is recommended to consolidate Innoslate users into a single OU for this authentication method.

  • Hierarchical OUs: Innoslate’s LDAP authentication does not support OUs configured hierarchically.

Important Note:

Any changes made to the settings.properties file require a restart of the Innoslate service for the changes to take effect.


LDAP Settings

1) LDAP Service Provider Class

Add the following to the settings.properties file:

LDAP_INITIAL_CONTEXT_FACTORY = com.sun.jndi.ldap.LdapCtxFactory

Description: Specifies the class name of the LDAP service provider to use for generating the initial context. The LDAP service provider class name must be included in the set of environment variables used to create the initial context.

Note: Most installations should not require modification of this setting.


2) LDAP Server URLs

Add the following to the settings.properties file:

LDAP_PROVIDER_URLS = ldap://ldap_url:389

Description: Specifies a comma-delimited list of LDAP server locations. This setting defines LDAP server URLs, which are parsed to create individual directory contexts for each server.

Note:

  • Specify each server location in the format ldap://[hostname]:[port].

  • If only specifying one server location, omit the comma.

  • Avoid including trailing slashes at the end of the server URLs.

  • Whitespace between server locations is automatically removed.

  • Most installations will require modification of this setting.


3) Authentication Mechanism

Add the following to the settings.properties file:

LDAP_SECURITY_AUTHENTICATION = simple

Description: Specifies the LDAP authentication mechanism. Supported values are simple or none.

Note:

  • The authentication mechanism names are not case-sensitive.

  • Most installations should not require modification of this setting.


4) Technical User DN

Add the following to the settings.properties file:

LDAP_SECURITY_PRINCIPAL = CN=Admin,CN=Users,DC=innoslateactive,DC=com

Description: Specifies the Distinguished Name (DN) of a technical user or admin with sufficient permissions to search the LDAP directory for Innoslate user and group entries.

Note:

  • Distinguished Names are not case-sensitive.

  • Most installations will require modification of this setting.


5) Technical User Password

Add the following to the settings.properties file:

LDAP_SECURITY_CREDENTIALS = ldap_password

Description: Specifies the password for the technical user or admin to authenticate to the LDAP server.

Note:

  • Passwords are case-sensitive.

  • Most installations will require modification of this setting.


6) User Context DN

Add the following to the settings.properties file:

LDAP_USER_CONTEXT = CN=Users,DC=innoslateactive,DC=com

Description: Specifies the DN of the OU (Organizational Unit) subtree containing entries for users who should be granted Innoslate access. This context string is used as the base for search operations to find the appropriate user entry during authentication.

Note:

  • Distinguished Names are not case-sensitive.

  • Most installations will require modification of this setting.


7) User ObjectClass

Add the following to the settings.properties file:

LDAP_USER_OBJECT_CLASS = user

Description: Specifies the objectClass required in each Innoslate user entry for authentication.

Note:

  • ObjectClass names are not case-sensitive.

  • Most installations will require modification of this setting.


8) User Unique Identifier

Add the following to the settings.properties file:

LDAP_USER_UID_ATTRIBUTE = sAMAccountName

Description: Specifies the name of the attribute in the Innoslate user entry that uniquely identifies each user. This attribute is appended to the user’s DN and compared to the DNs of objects in the user context.

Note:

  • Attribute names are not case-sensitive.

  • Most installations will require modification of this setting.


9) Authentication System Type

Add the following to the settings.properties file:

AUTHENTICATION_TYPE = LDAP

Description: Specifies the authentication system used for Innoslate access. Options include NATIVE or LDAP.

Note:

  • Set this to LDAP for LDAP authentication.

  • This setting is case-sensitive and must be in uppercase.

  • All installations will require modification of this setting.


10) Connection Timeout

Add the following to the settings.properties file:

LDAP_CONNECT_TIMEOUT = 1000

Description: Specifies the timeout (in milliseconds) for connecting to the LDAP server. If the connection is not established within this time, the attempt will be aborted.

Note: Most installations should not require modification of this setting.


11) Read Timeout

Add the following to the settings.properties file:

LDAP_READ_TIMEOUT = 5000

Description: Specifies the timeout (in milliseconds) for reading data from the LDAP server. If the server does not respond within this time, the read attempt will be aborted.

Note: Most installations should not require modification of this setting.


12) User Email Attribute

Add the following to the settings.properties file:

LDAP_USER_EMAIL_ATTRIBUTE = mail

Description: Specifies the attribute name used to populate the user’s email address in their Innoslate profile.

Note:

  • Attribute names are not case-sensitive.

  • Most installations will require modification of this setting.


13) User First Name Attribute

Add the following to the settings.properties file:

LDAP_USER_FIRST_NAME_ATTRIBUTE = givenName

Description: Specifies the attribute name used to populate the user’s first name in their Innoslate profile.

Note:

  • Attribute names are not case-sensitive.

  • Most installations will require modification of this setting.


14) User Last Name Attribute

Add the following to the settings.properties file:

LDAP_USER_LAST_NAME_ATTRIBUTE = sn

Description: Specifies the attribute name used to populate the user’s last name in their Innoslate profile.

Note:

  • Attribute names are not case-sensitive.

  • Most installations will require modification of this setting.


15) User Phone Number Attribute

Add the following to the settings.properties file:

LDAP_USER_PHONE_NUMBER_ATTRIBUTE = telephoneNumber

Description: Specifies the optional attribute used to populate the user’s phone number in their Innoslate profile.

Note:

  • Attribute names are not case-sensitive.

  • Most installations will require modification of this setting.


16) User Company Attribute

Add the following to the settings.properties file:

LDAP_USER_COMPANY_ATTRIBUTE = company

Description: Specifies the attribute used to populate the user’s company name in their Innoslate profile.

Note:

  • Attribute names are not case-sensitive.

  • Most installations will require modification of this setting.


17) User Search Filter

Add the following to the settings.properties file:

LDAP_USER_SEARCH_FILTER = (&(objectClass=user)(sAMAccountName={0})(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

Description: Specifies the LDAP search filter that Innoslate applies when identifying users eligible for system access.

Note:

  • Attribute names are NOT case-sensitive.

  • Most installations will require modification of this setting.
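The filter above combines three clauses: the entry must carry the user objectClass, its sAMAccountName must equal the name entered at login, and the third clause excludes disabled accounts (1.2.840.113556.1.4.803 is Active Directory's bitwise-AND matching rule, and bit 2 of userAccountControl is ACCOUNTDISABLE). The following added example, which is not Innoslate code, substitutes a login name into the {0} placeholder and evaluates the resulting filter against a few constructed directory entries so you can see which accounts it admits. That {0} stands for the login name is an assumption, as are the sample entries; the login name is escaped per RFC 4515 before substitution so that it is always matched as data.

```python
"""Evaluate an LDAP user search filter of the kind shown in this guide against
constructed directory entries.  Added example, not part of Innoslate: the
{0}-substitution semantics and the sample entries are assumptions."""
import re

# The filter value from the guide, with {0} standing for the login name (assumed).
USER_SEARCH_FILTER = ("(&(objectClass=user)(sAMAccountName={0})"
                      "(!(userAccountControl:1.2.840.113556.1.4.803:=2)))")

# Active Directory bitwise-AND matching rule; bit 0x2 of userAccountControl is ACCOUNTDISABLE.
LDAP_MATCHING_RULE_BIT_AND = "1.2.840.113556.1.4.803"

# Constructed directory: one enabled user (512), one disabled user (512 | 2), one group.
DIRECTORY = [
    {"dn": "CN=Alice,CN=Users,DC=example,DC=com", "objectClass": ["top", "person", "user"],
     "sAMAccountName": "alice", "userAccountControl": 512},
    {"dn": "CN=Bob,CN=Users,DC=example,DC=com", "objectClass": ["top", "person", "user"],
     "sAMAccountName": "bob", "userAccountControl": 514},
    {"dn": "CN=Staff,CN=Users,DC=example,DC=com", "objectClass": ["top", "group"],
     "sAMAccountName": "staff"},
]


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping: the login name is matched as data, never as filter syntax."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)


def build_filter(template: str, login: str) -> str:
    return template.replace("{0}", escape_filter_value(login))


def parse_filter(text: str):
    """Parse into ('&'|'|'|'!', children), ('=', attr, value) or ('ext', attr, rule, value)."""
    pos = 0

    def node():
        nonlocal pos
        if text[pos] != "(":
            raise ValueError("expected '(' at offset %d" % pos)
        pos += 1
        op = text[pos]
        if op in "&|!":
            pos += 1
            children = []
            while text[pos] == "(":
                children.append(node())
            if text[pos] != ")":
                raise ValueError("expected ')' at offset %d" % pos)
            pos += 1
            return (op, children)
        end = text.index(")", pos)            # values are escaped, so ')' ends the item
        attr, _, value = text[pos:end].partition("=")
        pos = end + 1
        if attr.endswith(":"):                # extensible match: attr:rule:=value
            name, rule = attr[:-1].split(":", 1)
            return ("ext", name, rule, value)
        return ("=", attr, value)

    tree = node()
    if pos != len(text):
        raise ValueError("trailing characters after filter")
    return tree


def _unescape(value: str) -> str:
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def matches(node, entry) -> bool:
    op = node[0]
    if op == "&":
        return all(matches(c, entry) for c in node[1])
    if op == "|":
        return any(matches(c, entry) for c in node[1])
    if op == "!":
        return not matches(node[1][0], entry)
    attrs = {k.lower(): v for k, v in entry.items()}   # attribute names are not case-sensitive
    actual = attrs.get(node[1].lower())
    if actual is None:
        return False
    values = actual if isinstance(actual, list) else [actual]
    if op == "=":
        wanted = _unescape(node[2]).lower()
        return any(str(v).lower() == wanted for v in values)
    if op == "ext" and node[2] == LDAP_MATCHING_RULE_BIT_AND:   # true when every bit of the mask is set
        mask = int(node[3])
        return any((int(v) & mask) == mask for v in values)
    raise ValueError("unsupported matching rule " + node[2])


def find_user(login: str, directory=DIRECTORY, template=USER_SEARCH_FILTER):
    """DNs of entries the filter admits for this login; the UID attribute should yield exactly one."""
    tree = parse_filter(build_filter(template, login))
    return [e["dn"] for e in directory if matches(tree, e)]


if __name__ == "__main__":
    for login in ("alice", "bob", "staff"):
        print(login, "->", find_user(login))
```

Running the block shows the disabled user bob and the group staff rejected while alice is returned; a login name containing filter metacharacters is escaped and therefore matched literally, so it admits no entry.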


Troubleshooting LDAP

If you encounter issues with LDAP authentication, follow these troubleshooting steps:

1) Review Log Files

The Innoslate log files are located in the following directory:
C:\Innoslate4\apache-tomcat-8.5.30\logs

  • For general server issues, check the catalina log.

  • For errors, check the stderr log.

2) Common Errors and Resolutions

Error: java.net.ConnectException
Resolution: Ensure your LDAP server is running and accessible from Innoslate. Verify the firewall settings and the LDAP server URLs in the settings.properties file.

Error: org.apache.shiro.authc.UnknownAccountException: Invalid LDAP_SECURITY_AUTHENTICATION setting
Resolution: Check that the authentication mechanism specified in the LDAP_SECURITY_AUTHENTICATION setting is correct.

Error: org.apache.shiro.authc.UnknownAccountException: Unable to authenticate. Unable to successfully bind anonymously
Resolution: Verify that your LDAP server allows anonymous binds and enables search queries via anonymous access.

Error: javax.naming.NoPermissionException: INSUFFICIENT_ACCESS_RIGHTS
Resolution: Ensure that the technical user or admin has sufficient permissions to search the directory.

Error: javax.naming.NameNotFoundException: NO_SUCH_OBJECT
Resolution: Verify that the DN provided for the user or group context exists and is correct.

Error: org.apache.shiro.authc.UnknownAccountException: Unable to search directory for user
Resolution: Ensure the attribute specified in LDAP_USER_UID_ATTRIBUTE is correct.

Error: javax.naming.AuthenticationException: INVALID_CREDENTIALS
Resolution: Verify the username and password entered during login.
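Several of these errors come from values that break the formatting rules given in the settings section (server URLs of the form ldap://[hostname]:[port] with no trailing slash or stray comma, an uppercase AUTHENTICATION_TYPE, simple or none as the mechanism, timeouts as whole milliseconds). The following added example, which is not part of Innoslate, checks a settings.properties file against those rules before the service is restarted. Its parser handles the key = value form this guide uses, the sample file is constructed from the guide's values, and treating {0} as a required placeholder in LDAP_USER_SEARCH_FILTER is an assumption.

```python
"""Pre-flight check of the LDAP settings in settings.properties against the
rules stated in this guide.  Added example, not part of Innoslate; the sample
file is constructed and the {0} placeholder rule is an assumption."""
import re
from typing import Dict, List

URL_RE = re.compile(r"^ldap://[A-Za-z0-9._\-]+:\d{1,5}$")   # ldap://[hostname]:[port]

REQUIRED_KEYS = [
    "LDAP_INITIAL_CONTEXT_FACTORY", "LDAP_PROVIDER_URLS", "LDAP_SECURITY_AUTHENTICATION",
    "LDAP_USER_CONTEXT", "LDAP_USER_OBJECT_CLASS", "LDAP_USER_UID_ATTRIBUTE",
    "AUTHENTICATION_TYPE", "LDAP_USER_SEARCH_FILTER",
]


def parse_properties(text: str) -> Dict[str, str]:
    """Parse 'key = value' lines (the form this guide uses); '#' and '!' lines are comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def validate_ldap_settings(props: Dict[str, str]) -> List[str]:
    """Return a list of problems; an empty list means the file passes every rule checked here."""
    problems = []
    for key in REQUIRED_KEYS:
        if not props.get(key):
            problems.append(f"{key}: missing or empty")
    if props.get("AUTHENTICATION_TYPE") not in ("LDAP", "NATIVE"):
        problems.append("AUTHENTICATION_TYPE: must be exactly LDAP or NATIVE (case-sensitive, uppercase)")
    mech = props.get("LDAP_SECURITY_AUTHENTICATION", "").lower()   # mechanism names are not case-sensitive
    if mech not in ("simple", "none"):
        problems.append("LDAP_SECURITY_AUTHENTICATION: must be simple or none")
    elif mech == "simple" and not (props.get("LDAP_SECURITY_PRINCIPAL") and props.get("LDAP_SECURITY_CREDENTIALS")):
        problems.append("LDAP_SECURITY_AUTHENTICATION=simple: set LDAP_SECURITY_PRINCIPAL and "
                        "LDAP_SECURITY_CREDENTIALS, or use none for anonymous binds")
    urls = props.get("LDAP_PROVIDER_URLS", "")
    if urls:
        for url in (u.strip() for u in urls.split(",")):   # whitespace between locations is removed
            if url == "":
                problems.append("LDAP_PROVIDER_URLS: empty entry (stray comma; omit the comma for a single server)")
            elif url.endswith("/"):
                problems.append(f"LDAP_PROVIDER_URLS: trailing slash in {url}")
            elif not URL_RE.match(url):
                problems.append(f"LDAP_PROVIDER_URLS: {url} is not of the form ldap://[hostname]:[port]")
    for key in ("LDAP_CONNECT_TIMEOUT", "LDAP_READ_TIMEOUT"):
        if not props.get(key, "").isdigit():
            problems.append(f"{key}: must be a whole number of milliseconds")
    flt = props.get("LDAP_USER_SEARCH_FILTER", "")
    if flt:
        if "{0}" not in flt:   # assumption: {0} is where the login name is substituted
            problems.append("LDAP_USER_SEARCH_FILTER: no {0} placeholder for the login name")
        if flt.count("(") != flt.count(")"):
            problems.append("LDAP_USER_SEARCH_FILTER: unbalanced parentheses")
    return problems


# Constructed sample mirroring the values shown in this guide.
GOOD_SETTINGS = """\
# constructed sample settings.properties
LDAP_INITIAL_CONTEXT_FACTORY = com.sun.jndi.ldap.LdapCtxFactory
LDAP_PROVIDER_URLS = ldap://ldap_url:389
LDAP_SECURITY_AUTHENTICATION = simple
LDAP_SECURITY_PRINCIPAL = CN=Admin,CN=Users,DC=innoslateactive,DC=com
LDAP_SECURITY_CREDENTIALS = ldap_password
LDAP_USER_CONTEXT = CN=Users,DC=innoslateactive,DC=com
LDAP_USER_OBJECT_CLASS = user
LDAP_USER_UID_ATTRIBUTE = sAMAccountName
AUTHENTICATION_TYPE = LDAP
LDAP_CONNECT_TIMEOUT = 1000
LDAP_READ_TIMEOUT = 5000
LDAP_USER_SEARCH_FILTER = (&(objectClass=user)(sAMAccountName={0})(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
"""

# Constructed sample with four rule violations: lowercase type, trailing slash, stray comma, non-integer timeout.
BAD_SETTINGS = (GOOD_SETTINGS
                .replace("AUTHENTICATION_TYPE = LDAP", "AUTHENTICATION_TYPE = ldap")
                .replace("LDAP_PROVIDER_URLS = ldap://ldap_url:389",
                         "LDAP_PROVIDER_URLS = ldap://ldap1:389/, ldap://ldap2:389,")
                .replace("LDAP_READ_TIMEOUT = 5000", "LDAP_READ_TIMEOUT = 5s"))


if __name__ == "__main__":
    for name, text in (("good", GOOD_SETTINGS), ("bad", BAD_SETTINGS)):
        print(name, validate_ldap_settings(parse_properties(text)) or "OK")
```

To check a real installation, read the file from the WEB-INF path given in the prerequisites and pass its contents to parse_properties; the checks are deliberately limited to the rules this guide states, so an empty result means the file is well-formed, not that the directory will accept the bind.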