Configuring LDAP Authentication and Authorization

To learn more about integrating your LDAP server for authenticating users and authorizing user access to MediaSpace with a specific application role, refer to Kaltura MediaSpace Authentication and Authorization Solutions – Overview and Kaltura MediaSpace LDAP Integration Guide.

To configure user authentication through your LDAP server

  1. On the Configuration Management panel of the Kaltura MediaSpace Administration Area, open the Auth tab.
    After you complete and verify the following steps, click Save.
  2. Under authNAdapter, select LDAP AuthN.
  3. Select your preferences for the common login options.
  4. Under refreshDetailsOnLogin, select your preference.
    This option affects the updating of the user’s first name, last name, and email address (when provided) from your LDAP system upon every login.
  5. Under ldapServer:
    1. Select the LDAP Server access and bind settings.
      Your bindMethod selection will affect the information you need to provide for authenticating the user.

      LDAP Server Configuration – bindMethod selection


      LDAP Server Configuration - Direct Bind options


      LDAP Server Configuration - Search before Bind options
    2. Select the LDAP attributes for first name, last name and email address.
      Populating the user’s first and last name is used for several MediaSpace options that require the user name.
      The email address is optional. This field is useful for user management and for future features (such as email notifications).

      LDAP Server Configuration - Email options
  6. If you are using your LDAP server to authorize user access to MediaSpace with a specific application role, continue with the next procedure. If not, select a different authorization method.

To configure user authorization through your LDAP server

  1. On the Configuration Management panel of the Kaltura MediaSpace Administration Area, open the Auth tab.
    After you complete and verify the following steps, click Save.
  2. Under authZAdapter, select LDAP AuthZ.
  3. Under refreshRoleOnLogin, select your preference.
    This option affects the updating of the user’s role from your LDAP system upon every login.
  4. Under ldapOptions, select your preferences for getting the list of groups in which the user is a member.
    This option is used to determine the user's MediaSpace Application Role.
    Under groupsMatchingOrder, enter the order for matching MediaSpace roles to LDAP groups. The order determines whether the strongest or weakest role is mapped first.
    Your groupSearch selection will affect the information you need to provide.

    LDAP Authorization Options - Get Groups from User


    LDAP Authorization Options - Get User from Groups
  5. Under ldapGroups, select your preferences to define the mappings between the groups defined in your LDAP server and the MediaSpace Application Roles.
     
In This Article
Was this article helpful?
Thank you for your feedback!