Before use, the LDAP Authentication plugin must first be configured.

Prerequisites

The following information must be ready before configuration:

  • The base domain LDAP path.

    Windows users can run dsquery ou to discover the LDAP path

  • The LDAP port if it's something other than the default (389)

  • Full LDAP paths for the groups which are to be mapped to users, managers and administrators.

    Windows users can run dsquery group -name [group name]

Configuration

The LDAP Authentication plugin is configured by updating the the /conf/authentication/LDAPAuth.conf file with the correct values.

active_directory: Boolean

Is the LDAP server an Windows Active Directory domain? True or False.

host: String

The address of the LDAP server.

port: Number

The LDAP server port.

Active Directory uses 389 by default.

user: String

The user who has the appropriate permissions to query LDAP.

cred: String

The password of the user who will be querying LDAP.

base: String

The base domain for search requests.

name: String

The LDAP attribute user to store the users username.

Active Directory uses the attribute 'name'.

firstname: String

The LDAP attribute user to store the users first name.

Active Directory uses the attribute 'givenName'.

lastname: String

The LDAP attribute user to store the users last name.

Active Directory uses the attribute 'sn'.

email: String

The LDAP attribute user to store the users email address.

Active Directory uses the attribute 'email'.

user: String

The LDAP group which is mapped to the Zegami users group.

manager: String

The LDAP group which is mapped to the Zegami managers group.

admin: String

The LDAP group which is mapped to the Zegami administrators group.

attribute: String

Membership attribute to match when searching groups for user association. Posix groups use 'memberUid'. OpenLDAP use only.