How To Configure LDAP For Authentication With Microsoft Active Directory

  • Article ID:100038123
  • Modified Date:
  • Product(s):


Changing LDAP configuration variables is live, there is no need to re-start the server when the LDAP configuration is setup. When LDAP is enabled, all user authentication is done via LDAP except for superuser, which is always local to the cluster/appliance.   

To gain access to a Clearwell cluster/appliance, the end user must have a user account (and role) on the Clearwell as well.

This process can be automated by using the esa.ldap.createUnknownUsers=true setting as described below.  

When LDAP is enabled, all Clearwell user password facilities are removed from the UI, except for superuser's ability to modify his own password.

An example ldap configuration that works with an Active Directory server is as follows:

Step 1:

For specific values please contact your Active Directory administrator. 
These settings enable all Clearwell corporate accounts to have Case User access to all cases on your cluster. User names will be the Clearwell account names, like 'bloch'. 

a. Please use the System > Support Features > Property Browser to setup the following properties:

esa.ldap.userBase=ou=test Users,dc=corp,dc=local
esa.ldap.roleBase=ou=test Users,DC=corp,DC=local
esa.ldap.defaultRole=Case User

b. Then click Submit.  

Step 2:

Check the output of the authentication.  If it fails authentication, then check the log file: "D:\CW\<version>\logs\catalina*.log  "

Step 3:

If it succeeds authentication, the system is now setup to use LDAP authentication.

Related Articles

How To Change ESA Configuration Settings (Property Browser)

Was this content helpful?

Get Support