Skip to main content

XTM Cloud 13.8

LDAP server

Important

XTM Suite subscribers only!

If you have an existing LDAP server (e.g. Active Directory) it is possible to use it for the authentication of XTM users. This method of authentication allows companies to set their own password policies such as password expiry. It is also easier for Administrators to manage one common account for each user. Users can use one account name and password to log into several applications (such as XTM with LDAP authentication enabled).

Note

Before you enable LDAP authentication, make sure that each user has an account in XTM with the same login details as those within LDAP. Every account must exist in the XTM database, but the password is checked only on the LDAP server side.

LDAP authentication can be set to work in one of the following ways:

  • Users are authenticated using distinguished names (DN)

  • XTM uses an external service account to connect to LDAP. In this case, the users do not need to provide full user DNS. They can be found using different criteria such as sAMAccountName or their email address.

Enabling LDAP authentication

To enable LDAP authentication you have to edit the configuration file. The XTM LDAP configuration file is located in xtm/confs/common/ldap-conf.xml under XTM root dir (e.g. /xtm/ xtm/confs/common/ldap-conf.xml)

  1. Set active to yes.

  2. Set host to your LDAP server address.

  3. Set domain to your domain.

  4. Set correct userTableName (e.g. Users)

  5. If you want to enable logging into XTM only for a specified group of users set group-name to the group you want to allow to log in

  6. If you want to enable SSL (Secure Sockets Layer):

    1. Set SSL to yes

    2. Set keystore_path to Java’s keystore (the keystore must contain certificate of host from 2.b)

    3. Set keystore_password to Java’s keystore

After starting XTM you can log in using a username and password from the LDAP server.