Agility Connect LDAP or Active Directory Configuration
Overview
This article describes the process of setting up Agility Connect user authentication with LDAP or Active Directory.
Agility Connect Application Authentication
Agility Connect supports two forms of user authentication: local authentication and Active Directory/LDAP. For local authentication the user IDs and passwords are stored in the Agility Connect database (passwords encrypted). When a login request is made for a local account, the password provided is compared with the password stored in the Agility Connect database.
If the account is an LDAP/AD user account, the user ID and password provided are submitted to the directory service over LDAP, and the directory service determines whether the account can log in. These LDAP/AD accounts must be predefined in Agility Connect, but the password is not stored in Agility Connect or logged in any way.
Point Configuration to LDAP/AD
Log in to the Agility Connect user interface as a user with administrator access. On the sidebar, click the Settings icon > Settings > System.
There are three settings that may need to be modified: LDAP/AD Port, LDAP/AD Server, and LDAP/AD SSL. Server is the only required setting. If Port is not changed, Agility Connect uses the default ports for LDAP/AD; if SSL is not changed, Agility Connect does not use SSL.
The LDAP/AD Server setting should be the FQDN or IP address of the Active Directory or LDAP service. Click the "+" plus sign on the row of the setting and enter the server address. Do the same for the Port and SSL settings if needed. The SSL setting is a check box.
When you are finished with making the changes, click the blue "Save" button in the upper right corner. This settings page DOES NOT auto-save.
You must restart the Agility Connect user interface web server using the following command:
as-restart ctm-ui
Create a Test Account
Log in to the Agility Connect user interface using an administrator account. In the upper right menu, select Administration, Manage Settings. In the top menu select Users.
Create a new user account and fill in the values for Login ID, Full Name and Email Address. The Login ID can take either of the following two forms:
userid@domain.example.com
Or
domain\userid
Change Authentication Type to ldap and save the user account.
From the upper right menu, select Log Out. Log back in using the new user account to verify that LDAP / AD authentication is working properly.
Troubleshooting
If there are problems connecting to LDAP / AD, the specific errors appear in the following log on the Agility Connect server:
/var/agilitysync/log/as_ui.log
Typical issues include a wrong LDAP server address, a wrong port (the default is 389), network connectivity problems, and so on.
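As an added example (not Agility Connect code), the following Python pre-flight check exercises the three settings (Server, Port, SSL) and the two Login ID forms described above before you restart ctm-ui, so that the connectivity and port problems listed under Troubleshooting surface without a UI round trip. The LDAPS default of 636 and the use of a certificate-verifying TLS context are assumptions, not settings taken from the article.

```python
# Added pre-flight checks for the settings and Login ID forms described above (not Agility Connect code).
import re
import socket
import ssl

LDAP_DEFAULT_PORT = 389   # default port named in the article
LDAPS_DEFAULT_PORT = 636  # standard LDAP-over-SSL port (assumed to be what the SSL check box selects)

# The two Login ID forms the article lists: userid@domain.example.com or domain\userid
UPN_RE = re.compile(r"^(?P<user>[^@\\\s]+)@(?P<domain>[^@\\\s]+)$")
DOWNLEVEL_RE = re.compile(r"^(?P<domain>[^@\\\s]+)\\(?P<user>[^@\\\s]+)$")

def parse_login_id(login_id):
    """Return (form, user, domain) for a valid Login ID, or None if it fits neither form."""
    m = UPN_RE.match(login_id)
    if m:
        return ("upn", m.group("user"), m.group("domain"))
    m = DOWNLEVEL_RE.match(login_id)
    if m:
        return ("downlevel", m.group("user"), m.group("domain"))
    return None

def effective_port(port, use_ssl):
    """Port that applies when the Port setting is left blank: the LDAP/AD default for the SSL choice."""
    if port:
        return int(port)
    return LDAPS_DEFAULT_PORT if use_ssl else LDAP_DEFAULT_PORT

def check_endpoint(server, port=None, use_ssl=False, timeout=5.0):
    """TCP-connect to the directory service and, with SSL, complete a verified TLS handshake.
    Returns (ok, detail) so a plain connectivity failure is told apart from a TLS failure."""
    port = effective_port(port, use_ssl)
    try:
        sock = socket.create_connection((server, port), timeout=timeout)
    except OSError as exc:
        return (False, f"cannot reach {server}:{port}: {exc}")
    try:
        if use_ssl:
            # Default context verifies the chain and hostname; for a private CA add ctx.load_verify_locations(...)
            ctx = ssl.create_default_context()
            with ctx.wrap_socket(sock, server_hostname=server) as tls:
                return (True, f"TLS OK to {server}:{port}, peer subject {tls.getpeercert()['subject']}")
        return (True, f"TCP OK to {server}:{port}")
    except OSError as exc:  # ssl.SSLError (including certificate verification) and timeouts are OSErrors
        return (False, f"TCP OK but TLS handshake failed for {server}:{port}: {exc}")
    finally:
        sock.close()
```

Call check_endpoint(server, port, use_ssl) with the values you entered on the Settings page; a TLS failure on a server that is otherwise reachable points at certificate trust rather than at the address or port.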