Polywall can connect to Active Directory (AD) and allow login for users who were added to the user table in the Polywall Server settings without passwords.


Example of using LDAP:


1. Turn on the "Enable security" and "Enable LDAP" checkboxes in the Polywall Server configurator.

2. Fill in all LDAP connection parameters:


a. Connection URL - the LDAP server address (should be provided by the local IT department).

b. Name and Password - the login and password used to connect to the LDAP server (this should be a user who has access to the database).

c. User Base:

- OU is the Organizational Unit.

In effect it is a folder in AD in which users will be searched. It can be either a single folder or the path to a specific folder (in which case it looks like this: OU=Polymedia,OU=Users,OU=Accountants).

- DC is the domain component; all levels of the domain should be entered.

d. User Search:

- (&(objectCategory=person)(objectClass=user)) is the filter that returns a list of ALL users in the folder specified in the User Base.

- (mailnickname={0}) is the attribute* by which a user is checked against the user database inside Polywall.


This means that the mailnickname field in AD and the Login field in the "Edit user" menu of Polywall should match. If the user does not have this attribute in AD, or its value does not match the login in the database, there will be no verification.


The solution is to change the attribute to another one, for example sAMAccountName={0} (the domain account name).

*There are many attributes. To check them, you can connect to the AD server with the LDAP Admin software and view the settings of your LDAP server.

 

3. Go to the "Edit user" settings and add a new user.

 


4. Once the settings are complete, only user1 and user2 (if they exist in LDAP) will have access to Designer. All other users that exist in LDAP will get an access error when they try to log in.
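
The attribute mismatch described in step 2d can be checked before the User Search setting is changed. The following is an added example, not Polywall code: it compares constructed directory entries with constructed Polywall logins and shows the filter produced from a {0} template. All function names and sample values are hypothetical.

```python
# Added example: offline pre-check of a Polywall-style User Search attribute.
# ENTRIES is constructed sample data standing in for the users returned under
# the User Base by (&(objectCategory=person)(objectClass=user)).
ENTRIES = [
    {"sAMAccountName": "user1", "mailnickname": "user1"},
    {"sAMAccountName": "user2"},  # this user has no mailnickname attribute
    {"sAMAccountName": "user3", "mailnickname": "u.three"},
]
POLYWALL_LOGINS = ["user1", "user2"]  # constructed Login values from "Edit user"

# RFC 4515 characters that must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value):
    """Escape special characters so a login is always treated as a literal."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def render_filter(template, login):
    """Fill the {0} placeholder of a User Search template with one login."""
    return template.replace("{0}", escape_filter_value(login))


def find_matches(entries, attribute, login):
    """Equality match on one attribute, compared case-insensitively (assumption)."""
    wanted = login.lower()
    return [e for e in entries if e.get(attribute, "").lower() == wanted]


def precheck(entries, logins, attribute):
    """Map each Polywall login to 'ok', 'no match' or 'ambiguous'."""
    report = {}
    for login in logins:
        hits = find_matches(entries, attribute, login)
        report[login] = "ok" if len(hits) == 1 else ("ambiguous" if hits else "no match")
    return report


if __name__ == "__main__":
    for attr in ("mailnickname", "sAMAccountName"):
        print(attr, precheck(ENTRIES, POLYWALL_LOGINS, attr))
    print(render_filter("(sAMAccountName={0})", "user1"))
```

A login reported as "no match" for the configured attribute is one that will not be verified until either the directory attribute or the User Search attribute is changed.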