Powered by Zoomin Software. For more details please contactZoomin

Secure MarkLogic Server

Table of Contents

LDAP Authentication

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
Print
  • Last Updated: April 14, 2026
  • 3 minute read
    • MarkLogic Server
    • Version 10.0
    • Documentation

If you use LDAP authentication, set the fields described in this section.

Screenshot of the LDAP server fields

Note:

The MarkLogic SSL App Server can work with SAN or Wild Card certificates. However, the MarkLogic LDAP client will not accept or work with a SAN or Wildcard-based certificate.

Field

Description

ldap server uri

If authorization is set to ldap, then enter the URI for the LDAP server. Required if authentication or authorization is ldap.

ldap base

If authorization is set to ldap, then enter the base DN for user lookup. Required if authentication or authorization is ldap.

ldap attribute

If authorization is set to ldap, then enter the name of the attribute used to identify the user on the LDAP server. Required if authentication or authorization is ldap.

ldap default user

The LDAP default user. Required if authentication is kerberos and authorization is ldap or bind method is simple.

If you specify an ldap-bind-method of simple, this must be a Distinguished Name (DN). If you specify an ldap-bind-method of MD5, this must be the name of a user registered with the LDAP

ldap password

confirm ldap password

The password and confirmation password for the LDAP default user. Required if authentication is kerberos and authorization is ldap or bind method is simple.

ldap bind method

Note:

If you are using the MD5 bind method and Active Directory Domain Services (AD DS) on a computer that is running Windows Server 2008 or Windows Server 2008 R2, be sure that you have installed the hot fix described in http://support.microsoft.com/kb/975697.

The LDAP bind method to use. This can be either MD5, simple, or external. MD5 makes use of the DIGEST-MD5 authentication method. If the bind method is simple, then the ldap default user must be a Distinguished Name (DN). If MD5, then the ldap default user must be the name of a valid LDAP user.

When using a bind method of simple, the password is not encrypted, so it is recommended you use secure ldaps (LDAP with SSL).

A bind method of external makes use of a certificate to authenticate with the LDAP server. If the bind method is external, ldap-start-tls should be set to true.

ldap memberof attribute

The optional ldap attribute for group lookup. If not specified, memberOf is used for search for the groups of a user.

ldap member attribute

The optional ldap attribute for group lookup. If not specified, member is used for search for the group of a group.

ldap start tls

Whether or not to use start TLS request to the LDAP server. Set to true to use start TLS request. If set to true, the LDAP server URI should start with ldap:// instead of ldaps://.

ldap certificate

The PEM encoded X509 certificate for MarkLogic server to connect the LDAP server using mutual authentication. Required if bind method is external. Optional if bind method is MD5 or simple.

ldap private key

The PEM encoded private key corresponding to the certificate. Required if bind method is external. Optional if bind method is MD5 or simple.

ldap nested lookup

Whether or not to perform nested group lookup.

ldap remove domain

Whether or not to remove domain before matching with ldap-attribute.
TitleResults for “How to create a CRG?”Also Available inAlert