LDAP User Backend

Atfinity can use your LDAP directory as a user backend. The Atfinity login screen is still used, but username and password are forwarded to your LDAP directory. If you are looking for a single sign on solution, that uses external login screen, please have a look at Single Sign On.

Working principle

If an LDAP directory is set up and when a user tries to login on the atfinity login screen, the username and password is forwarded to your LDAP and the user and certain values like roles and group memberships are copied into atfinity. At each login, these values are refreshed again, meaning that roles and groups will not change as long as a user is logged in (Note that a login is only valid for maximum 24 hours, which can also be configured)


To set up LDAP, navigate to Administration -> Integrations -> LDAP Tab and enter the following values according to your setup.

Loading Groups and Roles

Atfinity will make a second query to load the groups and roles atfinity should assign to a user. For this, the member attribute of a user identified by its distinguishedName. The returned list of groups is compared against the configured groups and roles. If any name matches exactly (case sensitive) to the name of a group or role the user will be assigned to that group and role. All previous users group and roles not in that list will be removed.

Last updated