Enabling LDAP/LDAPS Authentication Against Active Directory

Summary

This document describes how to set up your Softrip environment to authenticate your internal users against your Active Directory instead of using Softrip's own authentication mechanism.

Prerequisites

  • Ensure that your application server (hosting the STServerService and STServerWeb applications) can communicate with your Active Directory on the appropriate ports:

    • LDAP uses TCP 389

    • LDAPS uses TCP 636

  • Test that you have the correct settings
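
One way to check the port prerequisite from the application server, as an added example that is not part of Softrip or its LDAPS Tester tool: it parses a connection string in the LDAP://host:port/baseDN form used in this document, tests the TCP port, and on 636 completes a TLS handshake so an untrusted or expired domain controller certificate is reported before the setting is saved. The function name Test-LdapEndpoint, its parameters and the result fields are assumptions made for this example.

```powershell
# Added example (not Softrip's LDAPS Tester). Test-LdapEndpoint is a hypothetical helper.
function Test-LdapEndpoint {
    param(
        [Parameter(Mandatory)] [string] $ConnectionString,
        [int] $TimeoutMs = 5000
    )
    # Split "LDAP://host[:port]/baseDN"; without a port, LDAP's default 389 applies.
    if ($ConnectionString -notmatch '^LDAP://(?<host>[^:/]+)(:(?<port>\d+))?(/(?<dn>.*))?$') {
        throw "Expected LDAP://host[:port]/baseDN, got: $ConnectionString"
    }
    $ldapHost = $Matches['host']
    $port = if ($Matches['port']) { [int]$Matches['port'] } else { 389 }
    $result = [ordered]@{
        Host = $ldapHost; Port = $port; BaseDN = $Matches['dn']
        TcpOpen = $false; TlsOk = $null; CertSubject = $null; CertExpires = $null; Error = $null
    }
    $client = [System.Net.Sockets.TcpClient]::new()
    $ssl = $null
    try {
        # Step 1: TCP reachability from this server (firewall and routing).
        if (-not $client.ConnectAsync($ldapHost, $port).Wait($TimeoutMs)) {
            throw "TCP connect to ${ldapHost}:$port timed out after $TimeoutMs ms"
        }
        $result.TcpOpen = $true
        # Step 2: on the LDAPS port, complete a TLS handshake. AuthenticateAsClient
        # validates the chain and host name against this machine's trust store and
        # throws if the domain controller's certificate is not trusted here.
        if ($port -eq 636) {
            $result.TlsOk = $false
            $ssl = [System.Net.Security.SslStream]::new($client.GetStream(), $false)
            $ssl.AuthenticateAsClient($ldapHost)
            $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
            $result.TlsOk = $true
            $result.CertSubject = $cert.Subject
            $result.CertExpires = $cert.NotAfter
        }
    } catch {
        $result.Error = $_.Exception.GetBaseException().Message
    } finally {
        if ($ssl) { $ssl.Dispose() }
        $client.Close()
    }
    [pscustomobject]$result
}

# The host below is the placeholder from this document's example; use your own value.
Test-LdapEndpoint -ConnectionString 'LDAP://activedirectory.domain.com:636/DC=domain,DC=com'
```

Run it in a PowerShell session on the application server itself, since firewall rules and the certificate trust store are specific to that machine.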

Softrip Global Settings

This section describes the global Softrip settings to indicate the Active Directory endpoint to use for authentication.

Once the LDAPS Tester has confirmed that you have the correct settings on hand, you can enter those settings here.

  1. Log in to your Softrip back-office application (SoftripNext)

  2. Go to "Security - System Settings":

  3. In the System Settings, open the "System Settings - All Settings" screen:

  4. In the "Defaults" screen, create a new Default record using the "+" button on the grid:

  5. Fill in the details for this setting:

    1. DefaultID should be "LDAPCONNECTIONSTRING"

    2. Description should be "LDAP Connection String"

    3. Value is your LDAP or LDAPS connection string (including the correct port for LDAP/LDAPS). You should use the connection string that was confirmed to be correct from the LDAPS Tester tool.
      For example:
      LDAP://activedirectory.domain.com:636/DC=domain,DC=com

  6. Save changes

  7. Restart your Softrip middle tier applications for the new setting to take effect

    1. For STServerWeb (SoftripNext), recycle its application pool on your application server's IIS instance

    2. For STServerService (SoftripNet), restart the STServerService Windows service on your application server

Updating User Records to Enable AD Authentication

Each internal user that should authenticate against Active Directory must be configured as such. This gives you more control over which of your staff should use AD authentication.

  1. Log in to your Softrip back-office application (SoftripNext)

  2. Go to "Security - Users"

  3. Search for the user to be updated

  4. Edit the user record:

  5. In the user record's "Codes" field, add <ADAuth>Y</ADAuth>

  6. Save changes

  7. Note that this user will have to log out of all Softrip applications for this new authentication method to take effect.