Authentication Type LDAP

With authentication type LDAP, LDAP user accounts can be used to check the user login.


Recommended scenarios for this Authentication type are:

Customer wants to use the existing user accounts of the Microsoft Active Directory or

Customer wants to use the existing user accounts of the Novell eDirectory or

Customer wants to use the existing user accounts of the Sun Directory Server or

Customer wants to use the existing user accounts of the Open LDAP system.


Authentication type LDAP configuration



When a URL for a secure connection is configured, the application is still referenced via normal HTTP, but sensitive data such as login data is transferred via HTTPS.

If you want to provide a guest user account without a login dialog, you can configure a user name, e.g. guest. If the user guest has access rights on a project, the project can be started with a user parameter without a login dialog.



The authentication type LDAP uses the WebOffice login dialog. Users and passwords are managed by the WebOffice UM Repository and are additionally synced via LDAP / AD during the login process.


A general comparison of the common authentication methods in WebOffice 10.9 SP1 can be found in chapter Overview of authentication methods.




Use domain?

Specifies whether the authentication module takes the domain string into consideration (true) or not (false) when logging in. The login (user name) is, e.g., VIENNA\Novak or VIENNA/Novak:

Yes: VIENNA\Novak or VIENNA/Novak will be used

No: Novak will be used


If the domain string is used (Yes), the user login names in the user management database must be saved with the domain strings included!

Use user roles only?

Use role-based information from the authentication system. If true, no storage and maintenance of user objects in the user management database is necessary.

URL for secure connection

Secure connection configuration. Use this to provide an encrypted login.

The URL for secure connection must look like https://<server>:<port>.

Prerequisites for using a secure connection are:

When working with a web server (IIS, Apache): a valid and installed SSL certificate on the web server,

When working with Tomcat (without a web server): a valid and installed SSL certificate in the JDK as well as a correct Tomcat (servlet engine) configuration (SSL port, connector).

Guest user (anonymous)

Provide the login of the user who is allowed to start a project session without a login dialog (call with a user parameter).

For example:

Use fallback authentication type UM-DB

Specifies whether WebOffice 10.9 SP1 user management is used for authentication (true) if the login via the authentication type fails (e.g. LDAP connection not available), or not (false - default).

If this option is activated, the first login attempt is made via LDAP. If the login via LDAP is not successful, the login attempt is repeated with the same credentials via WebOffice 10.9 SP1 user management. If that login attempt does not succeed either, the user gets a message that the login was not successful.

Use both the LDAP groups and UM-DB groups

Use not only the LDAP groups but also the groups configured in the user management database. Applicable only when the Use user roles only? attribute is set to Yes. Useful for group authorisation for projects in which an authenticated AD user is not a member of the authorised AD group.


See chapter Groups for creating a new group in the user management database.

See chapter Users to create a new user in the user management database. This must be an existing user from the Active Directory.


The syntax of the login must be identical between Active Directory and the user management database. This also applies to the domain.

With the exception of the additional groups from the UM-DB, all user information is obtained exclusively from the Active Directory.

Authentication type LDAP configuration



WebOffice 10.9 SP1 supports backup LDAP servers. Just add a second LDAP configuration node. The connection to the first defined LDAP server is tried first (top-down).
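
The following added example (not WebOffice code) models how the options Use domain?, Use fallback authentication type UM-DB and the top-down order of LDAP nodes combine into one login decision. All function names and the in-memory backends are hypothetical, and it assumes that a backup node is tried only when an earlier node is unreachable.

```python
# Illustrative model: in-memory stand-ins, not WebOffice or LDAP APIs.
import re

class Unreachable(Exception):
    """Raised by a simulated LDAP node that cannot be contacted."""

def effective_login(entered, use_domain):
    """With 'Use domain?' = No, only the part after the domain separator is used."""
    return entered if use_domain else re.split(r"[\\/]", entered)[-1]

def make_ldap(accounts, up=True):
    """Build a simulated bind function over a dict of login -> password."""
    def bind(login, password):
        if not up:
            raise Unreachable()
        return login in accounts and accounts[login] == password
    return bind

def login(entered, password, ldap_nodes, um_db, use_domain=False, fallback=False):
    """Return the backend that accepted the login: 'ldap', 'um-db' or None."""
    name = effective_login(entered, use_domain)
    for bind in ldap_nodes:              # configuration order, top-down
        try:
            if bind(name, password):
                return "ldap"
            break                        # assumption: a reachable node's answer is final
        except Unreachable:
            continue                     # assumption: move on to the backup node
    # Fallback: same credentials are retried against the UM-DB after an LDAP failure.
    if fallback and name in um_db and um_db[name] == password:
        return "um-db"
    return None

# Constructed sample data
DIRECTORY = {"Novak": "directory-pw"}
UM_DB = {"Novak": "local-pw"}
PRIMARY_DOWN = make_ldap(DIRECTORY, up=False)
BACKUP = make_ldap(DIRECTORY)

if __name__ == "__main__":
    print(login("VIENNA\\Novak", "directory-pw", [PRIMARY_DOWN, BACKUP], UM_DB))
    print(login("VIENNA/Novak", "local-pw", [BACKUP], UM_DB, fallback=True))
    print(login("VIENNA/Novak", "local-pw", [BACKUP], UM_DB))
```

In this model the second call succeeds with a password the directory rejected, so passwords kept in the user management database need the same care as directory passwords once the fallback option is set to true.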