LDAP tab

Enter the LDAP attributes in this tab.

Option Description
Accessing the LDAP Server

LDAP Server — Enter the LDAP server against which you want to authenticate the user.

Root Directory — Enter the directory from which to begin the LDAP query. If this field is left blank, the search starts at the LDAP default directory. Click Find Root to locate the default root of the LDAP server.

The structure of a directory service is hierarchic and can be seen as a directory tree: there is a root from where you can start to other entries. The root can contain containers (knots) and leaves. Containers themselves can contain other entries while leaves mark the end of a branch in a directory tree. Every entry in this directory describes an object and has specific attributes. Conceptually the root is the topmost entry in a LDAP hierarchy. This can be illustrated with the Windows file system: the hard disk C: is the root, the directories/folders are the containers and the files are the leaves.

The LDAP standard requires that all LDAP directories maintain a special entry, called the Root DS Entry, or Root DSE. This entry provides a set of standard operational attributes that the user can read to find out fundamental characteristics of the directory and the server. The Root DSE can also provide any number of vendor-specific attributes.

One of the standard operational attributes is defaultNamingContext. This attribute contains the distinguished name (DN) of the root of the directory. In Windows 2000, this is the DN of the Domain container at the root of the current tree. By reading the defaultNamingContext attribute from the Root DSE, you can discover what domain you are logged in to at run time. When you press the Test button, the domain you are logged into is displayed.

Note that if the root is left blank when you press the Test button, the results may differ from when you actually run the server with KSS component (equipped with Authentication).  A blank root uses the default value, which is retrieved from the account that you are logged into the machine as.  However, when you run the server, you are logged in as LocalSystem (or whichever user name you specify on the Service tab), possibly yielding different results. For this reason, it is highly recommended that you either supply the root or log-in to the service with a user name/password different than LocalSystem.


Enter the LDAP credentials to gain access to LDAP server to lookup user entries.

Anonymous — Select this check box if you want to log in to LDAP server as anonymous user without providing user name and password.

Username/password — Enter the username/password to access the LDAP server.

Searching the Database

Select from the following options to search the entries in the address book directory services database:

Active Directory — With Windows Active Directory authentication method, the username is matched against the field "samAccountName", the Get Email From is matched against the field "mail", and the Get Display Name From is matched against the field "displayName".

eDirectory — With NetWare authentication method use the eDirectory search to match the Username against the field "uID",Get Email From against the field "mail", and the Get Display Name against the field "cn".

Custom — Use the custom option when you have multiple types of authentication. To customize the search, use this option to create matches against values that you can define for the following parameters:

  • Match Username Against
  • Get Email From
  • Get Display Name From

Click Reset to reset field values to empty.


To test the settings, click the Test button and enter a user name as it will be entered on the KSS device. This verifies that an email address and display name can be found for the user on the LDAP server.