LDAP
The LDAP (Lightweight Directory Access Protocol) integration connects Gredit to corporate directory services, so that users can be authenticated against Active Directory or other LDAP services.
What it is used for
- Authenticate users with corporate credentials
- Import users from the corporate directory
- Centralize access management
- Eliminate the need to manage local passwords for corporate users
Configuration
| Field | Description |
|---|---|
| Server address | IP or hostname of the LDAP server |
| Port | Connection port (389 for LDAP, 636 for LDAPS) |
| Base DN | Base distinguished name for searches |
| Filter | LDAP filter for user searches |
| Authentication mask | Authentication pattern |
| User | User for directory bind |
| Password | Bind user password |
Attribute mapping
| Attribute | Description |
|---|---|
| Username | LDAP attribute containing the username |
| First name | Attribute containing the user's first name |
| Last name | Attribute containing the last name |
| Email | Attribute containing the email address |
| Roles | Attribute containing the assigned roles |
How it works
Authentication
When a user with an LDAP origin attempts to log in, their credentials are validated against the LDAP server using the configured authentication mask.
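The following added example (not Gredit's own code) shows how a login name can be substituted into an authentication mask safely before the bind: the name is escaped as a DN attribute value per RFC 4514, and an empty password is rejected so that an unauthenticated bind is never counted as a login. It assumes the mask is a DN pattern with a `{username}` placeholder; that syntax, the sample mask and the function names are illustrative assumptions, and the bind itself is left to the LDAP client library.

```python
# Added example. PLACEHOLDER and the sample mask are assumptions made for
# illustration; they are not Gredit's documented mask syntax.
PLACEHOLDER = "{username}"

# Characters that RFC 4514 requires (or allows) to be backslash-escaped
# inside an attribute value of a distinguished name.
DN_SPECIALS = set('"+,;<>\\=')


def escape_dn_value(value: str) -> str:
    """Escape a string for use as one attribute value inside a DN."""
    last = len(value) - 1
    out = []
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif (ch in DN_SPECIALS
              or (ch == " " and i in (0, last))
              or (ch == "#" and i == 0)):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def bind_dn_from_mask(mask: str, username: str, password: str) -> str:
    """Return the DN to bind as, or raise ValueError before any bind."""
    # A simple bind with a DN and an empty password is an "unauthenticated
    # bind" (RFC 4513 section 5.1.2) that a server may accept, so it must
    # never be treated as a successful login.
    if not username or not password:
        raise ValueError("username and password must both be non-empty")
    if mask.count(PLACEHOLDER) != 1:
        raise ValueError("mask must contain the placeholder exactly once")
    return mask.replace(PLACEHOLDER, escape_dn_value(username))


if __name__ == "__main__":
    mask = "uid={username},ou=people,dc=example,dc=com"  # constructed sample
    for name in ("alice", "alice,ou=admins"):            # constructed inputs
        print(bind_dn_from_mask(mask, name, "not-empty"))
```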
User import
The import is performed manually from the users interface. The system queries the LDAP server using the configured filter and creates or updates users in Gredit according to the mapped attributes.
Role assignment
Roles are automatically assigned during import based on the mapping of the roles attribute with the role identifiers configured in Gredit.
Relationship with other modules
- Users: Authenticates users and allows importing them from the corporate directory
- Roles: Roles are automatically assigned based on attribute mapping
- Login records: LDAP authentications are recorded in the system