Primary Server Hostname and Port Number

Hostname or IP address of the primary LDAP directory server, and the Port number of the primary LDAP server. You must change this option to the port used for SSL connections if you have enabled encryption.

Secondary Server Hostname and Port Number

Hostname or IP address of the secondary LDAP directory server. Port number of the secondary LDAP server. You must change this option to the port used for SSL connections if you have enabled encryption.

Connect Timeout (seconds)

Time elapsed without establishing a connection to the LDAP server. If a connection is not established within the defined number of seconds, an error is returned.

Read Timeout (seconds)

Time elapsed without a response to a request for data from the LDAP server. If no response is received within the defined number of seconds, an error is returned.

Encryption

Encryption type required for communication with the LDAP server(s). Supported options are None, StartTLS, and SSL.

Referrals

Authentication follows the referrals provided by the server. The default is to use whatever the LDAP directory server is configured to do.

External Authentication Server Allows Anonymous Binds

Optionally allow Anonymous binds. When unchecked, MySQL Enterprise Monitor provides for a pre-auth bind user to lookup account records. For Active Directory, the most common user account attribute is sAMAccountName, whereas it is common for Unix-based LDAP to use CN. If the Active Directory server is not configured to honor CN binds, it cannot fetch credentials.

Authentication Mode

The authentication mode to use.

User Full Name Attribute Name

Define the user fullname attribute. This enables the system to return the fullname of the user.

Search by User Distinguished Name (DN) Pattern

In the User Search Patternfield, define the pattern specifying the LDAP search filter to use after substitution of the username, where {0} defines where the username should be substituted for the DN.

Search by User Attribute Pattern

In the User Search Base (leave blank for top level) field, define the value to use as the base of the subtree containing users. If not specified, the search base is the top-level context.

To search the entire subtree, starting at the User Search Base Entry, enable Search entire subtree. If disabled, a single-level search is performed, including only the top level. To include nested roles in the search, enable Search Nested Roles.

User Search Attribute Pattern

The attribute pattern to use in user searches.

Map External Roles to Application Roles

Specifies whether the roles defined in LDAP should map to MySQL Enterprise Monitor application roles. If enabled, and LDAP is not configured to be authoritative, if a user authenticates successfully via LDAP and has a valid mapped role, they are granted permissions to the application. Roles are mapped according to the entries in the Application Role/LDAP Role(s) fields, which take comma-separated lists of LDAP roles to map to the given MySQL Enterprise Monitor roles. If you select this option, additional fields are displayed which enable you to configure how roles are found in the LDAP server.

Domain

The Active Directory Domain.

Primary Server Hostname

Hostname of the Active Directory server to use.

Secondary Server Hostname

Secondary Active Directory hostname. This is optional.

Map LDAP Roles to Application Roles

Whether the roles defined in Active Directory can be mapped to those defined in MySQL Enterprise Monitor.