Setting Up OpenLDAP Access to Key Manager
Key Manager supports LDAP access. This allows existing LDAP users to log in to Key Manager and perform management tasks with it. To enable access to Key Manager for your OpenLDAP users, follow the instructions for setting up Key Manager for AD users at Setting Up Active-Directory Access to Key Manager, with the following modifications:
Additional prerequisites for using OpenLDAP with Key Manager:
- User accounts on the OpenLDAP server must be of classification inetOrgPerson.
- User entries must contain group membership information in the memberOf attribute. Note that this is not enabled by default in OpenLDAP servers.
- Groups must be of classification groupOfNames.
When configuring a new LDAP domain as described in the first step of Configuring Key Manager to Connect to the AD Server, note the following changes:
- Distinguished name used to do initial bind to fetch data with: with OpenLDAP, use the full distinguished name of the bind user, for example uid=johndoe,dc=openldap,dc=example,dc=com.
- LDAP user attribute for querying authenticating users (for OpenLDAP only): enter the user attribute by which Key Manager will identify users. The default and recommended attribute is uid.