TechSmith Relay (Self-Hosted): Configure TechSmith Relay to Use LDAP

To configure LDAP, you should first set up a RelayPresenter Service Account.

RelayPresenter Service Account

Prior to configuring TechSmith Relay to work with LDAP, we recommend creating a “RelayPresenter” service account in your LDAP directory and associating this account with the bind credentials you enter in the LDAP configuration. TechSmith Relay uses this account to perform the initial step in authenticating users.

When a user tries to authenticate over LDAP, TechSmith Relay uses this “RelayPresenter” user to search the LDAP directory and retrieve the user’s qualified domain name. The user’s qualified domain name is given to the LDAP directory along with their password for authentication.

TechSmith Relay never stores LDAP passwords with the exception of the password of this service account.

Important: The service account should have a password that does not expire. TechSmith Relay ceases to function for all users if the password of the service account in LDAP is not the same as the password stored in the TechSmith Relay database.
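The lookup-then-authenticate sequence described above, as an added example: a simplified model for illustration, not TechSmith Relay's code. The in-memory directory, the `uid` attribute, the entry names and all passwords are constructed, and the filter escaping, empty-password refusal and exactly-one-match rule are assumed checks rather than documented Relay behavior.

```python
import re

# Constructed in-memory directory: entry DN -> attributes (all values invented).
SVC_DN = "CN=RelayPresenter,OU=Service,DC=example,DC=edu"
DIRECTORY = {
    SVC_DN: {"uid": "relaypresenter", "pw": "svc-secret"},
    "CN=Ada Park,OU=Staff,DC=example,DC=edu": {"uid": "apark", "pw": "ada-pw"},
    "CN=Bo Lind,OU=Staff,DC=example,DC=edu": {"uid": "blind", "pw": "bo-pw"},
}

def escape_filter_value(value):
    """Escape the RFC 4515 special characters so input cannot change the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def simple_bind(dn, password):
    """Model of a simple bind. An empty password is refused outright."""
    entry = DIRECTORY.get(dn)
    return bool(password) and entry is not None and entry["pw"] == password

def _unhex(m):
    return chr(int(m.group(1), 16))

def _matches(pattern, actual):
    # An unescaped '*' is a wildcard; \xx hex escapes are literal characters.
    parts = [re.sub(r"\\([0-9a-fA-F]{2})", _unhex, p) for p in pattern.split("*")]
    return re.fullmatch(".*".join(map(re.escape, parts)), actual, re.I) is not None

def search(base_dn, ldap_filter):
    """Model of a subtree search for a single (attr=value) filter."""
    attr, pattern = re.fullmatch(r"\((\w+)=(.*)\)", ldap_filter, re.S).groups()
    return [dn for dn, entry in DIRECTORY.items()
            if dn.lower().endswith(base_dn.lower())
            and _matches(pattern, entry.get(attr, ""))]

def authenticate(username, password, stored_service_password="svc-secret",
                 base_dn="DC=example,DC=edu"):
    """Return the user's entry name on success, None on failure."""
    # Step 1: bind as the service account with the password the application stores.
    if not simple_bind(SVC_DN, stored_service_password):
        raise RuntimeError("service account bind failed; no user can be looked up")
    # Step 2: look the user up; anything but exactly one entry is a failure.
    found = search(base_dn, "(uid=%s)" % escape_filter_value(username))
    if len(found) != 1:
        return None
    # Step 3: bind as that entry with the user's own password, which is not kept.
    return found[0] if simple_bind(found[0], password) else None

if __name__ == "__main__":
    print(authenticate("apark", "ada-pw"), authenticate("a*", "ada-pw"))
```

Calling `authenticate` with a `stored_service_password` that no longer matches the directory raises at step 1 for every user, which is the outage the note above warns about.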

Configure TechSmith Relay to Use LDAP

  1. Go to Users > LDAP Configuration.
  2. Click Configure LDAP.
  3. Enter server information:
    • Server address
    • Port
      • Use secure authentication: Select if you want to connect to the LDAP server over SSL.
      • Trust all certificates: Enable if you cannot connect over SSL due to an invalid certificate. If you have a valid self-signed certificate, import the signing certificate into the Trusted Root Certification Authorities store on the TechSmith Relay server instead, for better security.
    • Authentication method (Basic or Negotiate)
    • Username & password to authenticate
  4. Click Next.
  5. Select the returned base distinguished name or enter another.

    TechSmith Relay returns the root of the LDAP directory and pre-fills the Base distinguished name field. Alternatively, if you know exactly where your users reside in the LDAP directory, you can manually enter the Base DN.

  6. Click Next.
  7. Select the “RelayPresenter” service account as the representative user with the following attributes:
    • Full name
    • Username
    • Email address
  8. Click Next.
  9. Map the attributes from the selected user to the fields TechSmith Relay requires.

    You can choose from the dropdown list of attributes returned from LDAP or type in an attribute if it is not found in the dropdown list.

  10. Click Next.
  11. Review the configuration information.
  12. Enter a valid username and password into the Test Authentication fields and click Test.
  13. Click Finish.

    You can now configure TechSmith Relay to Add Users with LDAP.

Important: If you disable LDAP, users remain in the TechSmith Relay database. However, since TechSmith Relay never stores LDAP-associated passwords, users cannot access the TechSmith Relay website or make recordings. To re-enable users, select a user, then click the Convert to Relay link. The user is emailed a randomly generated password. The user must access the TechSmith Relay website and change their random password.