LDAP Connections
An LDAP Connection defines the network-level details required for a USP Server instance to communicate with an external LDAP directory service.
LDAP authentication can be used as:
- An Auth Source, allowing Users to authenticate to USP Manager against an LDAP directory.
- An Inbound Authentication Source within a Rule, allowing USP Server instances to validate client credentials against enterprise identity systems.
LDAP Connections provide only the connection-level configuration. The authentication logic, including binding credentials, search filters, and user matching, is defined separately in an associated LDAP Query.
If the LDAP server is behind a firewall, it can be reached through a Tunnel and a Proxy Client. For more information, refer to Deployments.
LDAP Connection Administration via USP Admin UI
Adding an LDAP Connection
To add an LDAP Connection, follow these steps:
- From the Sidebar, click Authentication > LDAP.
- Click LDAP Connections.
- Click Add LDAP Connection.
- Complete the details for the new LDAP Connection using the Field Descriptions table as a guide.
- Click Save.
Field Descriptions
| Name | Description | Specifications | Required |
|---|---|---|---|
| Name | The name of the LDAP Connection. | | Yes |
| Description | The description of the LDAP Connection. | | No |
| Hostname | The address (hostname or IP) of the LDAP server. | | Yes |
| Port | The TCP port used for the LDAP connection. | Conventionally 389 for plaintext LDAP and 636 for LDAPS. | Yes |
| Use SSL/TLS Connection | Enables or disables the LDAPS protocol. When disabled, the connection is plaintext LDAP and bind credentials and query results cross the network unencrypted, so enable it outside isolated test environments. | | Yes |
| CA Certificate | The CA Certificate used to validate the LDAP server's certificate. It must be the CA that issued (or anchors the chain of) the LDAP server's certificate. | Must reference an already created CA Certificate. | Yes, if Use SSL/TLS Connection is enabled. |
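The following pre-flight check is an added example, not USP Manager or USP Server code. It encodes the rules from the Field Descriptions table (required fields, port range, CA Certificate mandatory when Use SSL/TLS Connection is enabled), flags the port/TLS mismatches and the cleartext case a reviewer would query, and, for an LDAPS connection, performs the same certificate validation a USP Server instance will have to perform: a TLS handshake that trusts only the configured CA Certificate and checks the server certificate against the Hostname. The `LdapConnection` fields, the `validate`/`probe_ldaps` names and the sample values are assumptions modelled on the table.

```python
"""Pre-flight check for an LDAP Connection before saving it in USP Manager.

Added example, not USP Manager code. Field names mirror the Field Descriptions
table; the conventional ports 389/636 are assumptions, not USP Manager rules.
"""
import ipaddress
import socket
import ssl
from dataclasses import dataclass
from typing import List, Optional, Tuple

PEM_CERT_BEGIN = "-----BEGIN CERTIFICATE-----"
PEM_CERT_END = "-----END CERTIFICATE-----"
LDAP_PORT, LDAPS_PORT = 389, 636  # conventional ports, used only for warnings


@dataclass
class LdapConnection:
    name: str
    hostname: str
    port: int
    use_tls: bool                              # "Use SSL/TLS Connection"
    ca_certificate_pem: Optional[str] = None   # the referenced CA Certificate, as PEM text
    description: str = ""


def _is_dns_name(host: str) -> bool:
    """Dot-separated labels of letters, digits and hyphens, each at most 63 chars."""
    labels = host.rstrip(".").split(".")
    return all(label and label.replace("-", "").isalnum() and len(label) <= 63 for label in labels)


def validate(conn: LdapConnection) -> List[str]:
    """Return all findings; entries prefixed 'warning:' are advisory, the rest block saving."""
    problems: List[str] = []
    if not conn.name.strip():
        problems.append("Name is required")
    host = conn.hostname.strip()
    if not host:
        problems.append("Hostname is required")
    else:
        try:
            ipaddress.ip_address(host)
        except ValueError:
            if not _is_dns_name(host):
                problems.append(f"Hostname {host!r} is neither an IP address nor a DNS name")
    if not 1 <= conn.port <= 65535:
        problems.append(f"Port {conn.port} is outside 1-65535")
    if conn.use_tls:
        pem = conn.ca_certificate_pem or ""
        if not pem.strip():
            problems.append("CA Certificate is required when Use SSL/TLS Connection is enabled")
        elif PEM_CERT_BEGIN not in pem or PEM_CERT_END not in pem:
            problems.append("CA Certificate is not a PEM-encoded certificate")
        if conn.port == LDAP_PORT:
            problems.append("warning: TLS is enabled but 389 is the conventional plaintext LDAP port")
    else:
        # Plain LDAP: bind credentials and results cross the network unencrypted.
        problems.append("warning: Use SSL/TLS Connection is disabled; traffic will be sent in cleartext")
        if conn.port == LDAPS_PORT:
            problems.append("warning: TLS is disabled but 636 is the conventional LDAPS port")
    return problems


def errors(conn: LdapConnection) -> List[str]:
    """Only the blocking findings."""
    return [p for p in validate(conn) if not p.startswith("warning:")]


def ldap_url(conn: LdapConnection) -> str:
    """URL form of the connection, e.g. for `ldapsearch -H`."""
    scheme = "ldaps" if conn.use_tls else "ldap"
    host = f"[{conn.hostname}]" if ":" in conn.hostname else conn.hostname  # IPv6 literal
    return f"{scheme}://{host}:{conn.port}"


def probe_ldaps(conn: LdapConnection, timeout: float = 5.0) -> Tuple[str, dict]:
    """Handshake with the server trusting ONLY the configured CA Certificate.

    PROTOCOL_TLS_CLIENT turns on CERT_REQUIRED and hostname checking, so a server
    certificate that does not chain to the CA, or does not match Hostname, raises
    ssl.SSLError / ssl.SSLCertVerificationError instead of silently connecting.
    """
    if errors(conn) or not conn.use_tls:
        raise ValueError("probe_ldaps needs a valid connection with TLS enabled")
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.load_verify_locations(cadata=conn.ca_certificate_pem)
    with socket.create_connection((conn.hostname, conn.port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=conn.hostname) as tls:
            return tls.version(), tls.getpeercert()


# Constructed sample input (not a real certificate): validate() only inspects the PEM framing.
SAMPLE_CA_PEM = f"{PEM_CERT_BEGIN}\n(constructed placeholder body)\n{PEM_CERT_END}\n"

if __name__ == "__main__":
    conn = LdapConnection("corp-ad", "ldap.corp.example", 636, True, SAMPLE_CA_PEM)
    print(ldap_url(conn), validate(conn))
    # With a real CA Certificate PEM and a reachable server, probe_ldaps(conn) returns the
    # negotiated TLS version and the validated server certificate.
```

Run `probe_ldaps` once with the real CA Certificate PEM before pushing the configuration: a verification failure here is the same failure the USP Server will hit, and it is far easier to diagnose on a workstation than from a server that has just had a broken Auth Source pushed to it. The OpenLDAP tools give an independent cross-check of the same trust decision: `LDAPTLS_CACERT=ca.pem ldapsearch -H ldaps://ldap.corp.example:636 -x -s base` should succeed only when that CA file validates the server's certificate.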
Editing an LDAP Connection
To edit an LDAP Connection, follow these steps:
- From the Sidebar, click Authentication > LDAP.
- Click LDAP Connections.
- Click the Name of the LDAP Connection you want to edit.
- Click the Edit button above the LDAP Connection details.
- Edit the details of the LDAP Connection using the Field Descriptions table as a guide.
- Click Save.
If you modify an LDAP Connection that is currently in use by a USP Server instance, the changes will not take effect until you manually apply the updated configuration by pushing it to the server. To apply the changes:
- Navigate to Monitoring > Status.
- Click the Name of the associated USP Server instance.
- Go to the Configuration tab.
- Review the pending changes in the Updated Configuration column.
- If the changes are correct, click Push Configuration.
LDAP Connection Metadata
LDAP Connection details include all parameters given in the Field Descriptions table, plus the following read-only metadata:
| Name | Description |
|---|---|
| ID | Universally Unique Identifier of this LDAP Connection. |
| Created At | Date and time this LDAP Connection was created. |
| Updated At | Date and time this LDAP Connection was last updated. |
Deleting an LDAP Connection
To delete an LDAP Connection, follow these steps:
- From the Sidebar, click Authentication > LDAP.
- Click LDAP Connections.
- Click the Name of the LDAP Connection you want to delete.
- Click the Delete button above the LDAP Connection details.
- You will be asked to confirm the deletion. Click Delete.
USP Manager prevents deletion of an LDAP Connection that is still referenced by a Rule (as an Inbound Authentication Source) or by the LDAP Auth Source for Users. Remove those references before deleting the connection.
Additionally, if the deleted LDAP Connection was part of a USP Server instance's configuration, the updated configuration must be pushed manually. To apply the changes:
- Navigate to Monitoring > Status.
- Click the Name of the associated USP Server instance.
- Go to the Configuration tab.
- Review the pending changes in the Candidate Configuration - Preview section.
- If the changes are correct, click Push Configuration.
The changes do not take effect on the server until this step is completed.