LDAP Queries
An LDAP Query defines the directory-level logic that a USP Server instance uses to search and perform authentication against an external LDAP directory service.
LDAP authentication can be used as:
- An Auth Source, allowing Users to authenticate to USP Manager against an LDAP directory.
- An Inbound Authentication Source within a Rule, allowing USP Server instances to validate client credentials against enterprise identity systems.
LDAP Queries define the directory-level logic used to perform user lookups and authentication. They operate in conjunction with an LDAP Connection, which specifies the network-level access to the LDAP server.
LDAP Query Administration via USP Admin UI
Adding an LDAP Query
To add an LDAP Query, follow these steps:
- From the Sidebar, click Authentication > LDAP.
- Click LDAP Queries.
- Click Add LDAP Query.
- Complete the details for the new LDAP Query using the Field Descriptions table as a guide.
- Click Save.
Field Descriptions
| Name | Description | Specifications | Required |
|---|---|---|---|
| Name | The name of the LDAP Query. | | Yes |
| Description | The description of the LDAP Query. | | No |
| Bind DN | Distinguished Name (DN) used to bind to the LDAP server. | | Yes |
| Bind Password | Password for the Bind DN. | | Yes |
| Base DN | Base DN for searching in the LDAP directory. | | Yes |
| User Filter | LDAP search filter. | For example, (objectClass=person). | Yes |
| User ID Attribute | The LDAP attribute used for user identification. | For example, uid. | Yes |
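The following is an added example, not part of the USP documentation and not USP's own code: a sanity check to run on the Base DN, User Filter and User ID Attribute values before saving, plus the way a search-then-bind client commonly combines the filter with a login name. The composition `(&<User Filter>(<User ID Attribute>=<login>))`, the function names and the sample values are assumptions; this page does not describe how USP Server builds its search.

```python
import re

# RFC 4515: these characters must be written as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
_ATTR_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*$")  # short-name attribute descriptor


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied value so it cannot alter the filter structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def check_query_fields(base_dn: str, user_filter: str, user_id_attr: str) -> list[str]:
    """Return the problems found in the field values (empty list if none)."""
    problems = []
    if "=" not in base_dn:
        problems.append("Base DN does not look like a DN (no attribute=value pair)")
    if not (user_filter.startswith("(") and user_filter.endswith(")")):
        problems.append("User Filter must be enclosed in parentheses")
    depth = 0
    for ch in user_filter:  # literal parentheses are always structural in RFC 4515
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            break
    if depth != 0:
        problems.append("User Filter has unbalanced parentheses")
    if not _ATTR_RE.match(user_id_attr):
        problems.append("User ID Attribute is not a valid attribute name")
    return problems


def build_search_filter(user_filter: str, user_id_attr: str, login: str) -> str:
    """Assumed composition: AND the configured filter with attr=<escaped login>."""
    return f"(&{user_filter}({user_id_attr}={escape_filter_value(login)}))"


if __name__ == "__main__":
    # Constructed sample values, using the examples from the table above.
    print(check_query_fields("ou=people,dc=example,dc=com", "(objectClass=person)", "uid"))
    print(build_search_filter("(objectClass=person)", "uid", "j.doe*"))
```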
Editing an LDAP Query
To edit an LDAP Query, follow these steps:
- From the Sidebar, click Authentication > LDAP.
- Click LDAP Queries.
- Click the Name of the LDAP Query you want to edit.
- Click the Edit button above the LDAP Query details.
- Edit the details of the LDAP Query using the Field Descriptions table as a guide.
- Click Save.
If you modify an LDAP Query that is currently in use by a USP Server instance, the changes will not take effect until you manually apply the updated configuration by pushing it to the server. To apply the changes:
- Navigate to Monitoring > Status.
- Click the Name of the associated USP Server instance.
- Go to the Configuration tab.
- Review the pending changes in the Updated Configuration column.
- If the changes are correct, click Push Configuration.
LDAP Query Metadata
LDAP Query details include all parameters given in the Field Descriptions table, plus the following read-only metadata:
| Name | Description |
|---|---|
| ID | Universally Unique Identifier of this LDAP Query. |
| Created At | Date and time this LDAP Query was created. |
| Updated At | Date and time this LDAP Query was last updated. |
Deleting an LDAP Query
To delete an LDAP Query, follow these steps:
- From the Sidebar, click Authentication > LDAP.
- Click LDAP Queries.
- Click the Name of the LDAP Query you want to delete.
- Click the Delete button above the LDAP Query details.
- You will be asked to confirm the deletion. Click Delete.
USP Manager prevents deletion of an LDAP Query if it is currently referenced by a Rule or LDAP for Users.
Additionally, if the LDAP Query is used by a USP Server instance, the updated configuration must be manually applied. To apply the changes:
- Navigate to Monitoring > Status.
- Click the Name of the associated USP Server instance.
- Go to the Configuration tab.
- Review the pending changes in the Candidate Configuration - Preview section.
- If the changes are correct, click Push Configuration.
The changes do not take effect on the server until this step is completed.