Enabling LDAP/LDAPS Authentication Against Active Directory Summary
This document describes how to set up your Softrip environment to authenticate your internal users against your Active Directory instead of using Softrip's own authentication mechanism.
Prerequisites
Ensure that your application server (hosting the STServerService and STServerWeb applications) can communicate with your Active Directory on the appropriate ports:
LDAP uses TCP
389
LDAPS uses TCP
636
Test that you have the correct settings
Use Softrip's LDAP tester application to check that you have the appropriate settings:
https://download.softrip.com/download/stn/LDAPSTester.exe
Softrip Global Settings
This section describes the global Softrip settings to indicate the Active Directory endpoint to use for authentication.
Once you confirm that you have the correct settings on-hand from the LDAPSTester, you can enter those settings here.
Log in to your Softrip back-office application (SoftripNext)
Got to "Security - System Settings":
In the System Settings, open the "System Settings - All Settings" screen:
In the "Defaults" screen, create a new Default record using the "+" button on the grid:
Fill in the details for this setting:
DefaultID should be "
LDAPCONNECTIONSTRING
"Description should be "
LDAP Connection String
"Value is your LDAP or LDAPS connection string (including the correct port for LDAP/LDAPS). You should use the connection string that was confirmed to be correct from the LDAPS Tester tool.For example:LDAP://activedirectory.domain.com:636/DC=domain,DC=com
Save changes
Restart your Softrip middle tier applications for the new setting to take effect
For STServerWeb (SoftripNext), recycle its application pool on your application server's IIS instance
For STServerService (SoftripNet), restart the STServerService Windows service on your application server
Updating User Records to Enable AD Authentication
Each internal user that should authenticate against Active Directory must be configured as such. This gives you more control over which of your staff should use AD authentication.
Log in to your Softrip back-office application (SoftripNext)
Go to "Security - Users"
Search for the user to be updated
Edit the user record:
In the user record's "Codes" field, add<ADAuth>Y</ADAuth>
Save changes
Note that this user will have to log out of all Softrip applications for this new authentication method to take effect.