LDAP Configuration
LDAP (Lightweight Directory Access Protocol) provides simplified, centralized resources and security administration for large organizations. ICE Server supports any LDAP service that allows authentication using email address, such as Microsoft Active Directory Lightweight Directory Services (AD LDS). The LDAP configuration information detailed below assumes the use of AD LDS, as it is the most commonly deployed LDAP solution.
Supported AD LDS Versions:
Windows Server 2016Windows Server 2012 R2Windows Server 2012Windows Server 2008 R2When enabled, users logging in to an ICE Server will provide their Active Directory email address (mapped to userPrincipalName by default). All ICE users authenticating through AD LDS are assigned a standard user role on the ICE Server.
Important: Do not pre-create any user accounts on the ICE Server that will be managed through LDAP user authentication. When a user logs into ICE Server for the first time using LDAP authorization, a standard ICE user account is automatically created for them. After that initial login and standard account creation, ICE administrators may adjust the user role as needed, (for example, making them an Administrator or a Workflow Administrator).