Add and Modify LDAP Connections

A Lightweight Directory Access Protocol (LDAP) directory is a collection of data about users and groups. LDAP is an internet protocol that web applications can use to look up information about those users and groups from the LDAP server. If you are using an LDAP server to store accounts in your organization, you can add and modify LDAP connections directly in qTest Manager. Once you have created an LDAP connection, you can then import users from your authentication system to qTest Manager.

You will need the Site Administrator permission to configure LDAP connections.

Supported LDAP directory servers

qTest provides built-in connectors for generic LDAP directory servers and for some common third-party LDAP directory servers, including the following:

Microsoft Active Directory
Apache Directory Server (ApacheDS)
Apple Open Directory
Fedora Directory Server
Novell eDirectory
OpenDS
OpenLDAP
OpenLDAP Using Posix Schema
Sun Directory Server Enterprise Edition (DSEE)

Notes

qTest supports synchronizing user data from your LDAP server to qTest Manager. However, account updates in qTest will not be synced back to your LDAP server.
If you are using qTest SaaS, you must configure your firewall settings to accept requests from the following Amazon servers' Elastic IP addresses. There must be a bi-directional connection to accept inbound and outbound requests between the qTest Amazon Elastic IPs and your LDAP server.
- 54.83.56.253
- 54.83.57.47
- 54.83.57.78
- 54.83.57.122
- 54.83.57.143
- 54.83.57.153

Add an LDAP connection

You can create and activate multiple connections to various LDAP servers.

To add an LDAP connection:

In qTest Manager, hover over your user name and select Administration from the User Profile menu.
Click the Authentication tab.
In the Authentication Systems panel, select LDAP.
Click the Add new External System config icon .

The External systems screen appears.
Click the default connection name to enter a new name for the connection.

In the Connection section, enter the following information, as applicable.

Field	Description
URL (Required)	Input the connection URL in hostname:port format, where: Hostname is the hostname or IP address of your directory server. Port is the port number on which your directory server is listening. Do not enter the protocol.
Base (Required)	Enter the base distinguished name (DN) to use when running queries against the directory server. For example: `o=example,c=com` `cn=users,dc=ad,dc=example,dc=com` Note: For Microsoft Active Directory, specify the base DN in dc=domain1,dc=local format. You will need to replace the domain1 and local for your specific configuration. Microsoft Server provides a tool called ldp.exe, which is useful for determining and configuring the LDAP structure of your server.
User DN	Enter the distinguished name (DN) of the user that the application will use when connecting to the directory server. For example: `cn=administrator,cn=users,dc=ad,dc=example,dc=com` `cn=user,dc=domain,dc=name`
Password	Enter the password for the account specified in the User DN field.
Use SSL connection	Select this check box if your LDAP server is using an SSL connection.
Is Active Directory	Select this check box if you are using Active Directory.

In the User filter section, enter the following information, as applicable.

Field Description

Field	Description
Base Search	Enter a base search value. This value is used in addition to the base distinguished name (DN) when searching and loading users. If no value is entered, the subtree search will start from the base DN. For example: `ou=Users`
Search Filter	Enter the filter to use when searching user objects. For example: `(&(objectCategory=Person)(sAMAccountName=*))`
Mapping fields (Required)	Map the following qTest Manager user properties with the corresponding LDAP attributes. Username First name Last name Email

Base Search

Enter a base search value. This value is used in addition to the base distinguished name (DN) when searching and loading users. If no value is entered, the subtree search will start from the base DN. For example:

ou=Users

Search Filter

Enter the filter to use when searching user objects. For example:

(&(objectCategory=Person)(sAMAccountName=*))

Mapping fields (Required)

Map the following qTest Manager user properties with the corresponding LDAP attributes.

Username
First name
Last name
Email

(For a future release) The Group filter section includes new configurations that are currently deactivated. These configurations have been added in preparation for upcoming SSO/LDAP enhancements, which are planned for the next major qTest Manager release. No entries are required in this section.
Click Test connection to verify whether qTest Manager is able to connect to your LDAP server.
If the connection is successful, click the Activation status button to activate the connection.

If qTest Manager fails to connect to your LDAP server, you will not be able to activate the connection.
Click Save.

LDAP configuration

Admins can configure the LDAP integration by clicking on their username in the upper right corner, selecting Administration from the drop-down menu, and navigating to the Authentication tab.

The LDAP connection properties are arranged into several sections:

Connection: LDAP server information for qTest Manager to communicate with.
User Filter: qTest Manager uses information in this section to filter or limit users when querying from the LDAP server. Manager will query users from the Base search if this section is not specified.
Group Filter: This is a new configuration section to support the new Import Group feature. Manager uses information in this section to filter or limit groups when querying from the LDAP server. Manager will query users from the Base search if this section is not specified.

For more information on connecting to LDAP, refer to Add and Modify LDAP Connections.