Connecting to LDAP

You can configure atfinity to authenticate users from your LDAP directory.

This means that when a user tries to log in on the atfinity login screen, the username and password are forwarded to your LDAP, and the user and certain values such as roles and group memberships are copied into atfinity. These values are refreshed at each login, meaning that roles and groups will not change as long as a user is logged in. (Note that a login is valid for a maximum of 24 hours, which can also be configured.)

For this, you need to configure the following values in the Administration -> Integrations -> LDAP Tab:

| Name | Value |
| --- | --- |
| URL | Where can atfinity reach your LDAP user directory? |
| Base | The base DN for your users, e.g. ou=AADDC Users,dc=atfinity,dc=ch |
| First Name Attribute | The attribute of the returned object containing the first name (e.g. givenName) |
| Last Name Attribute | The attribute of the returned object containing the last name (e.g. sn) |
| Initials Attribute | The attribute of the returned object containing the initials. If not given, these will be calculated from the first and last name. |
| Group Membership Attribute | The attribute of the returned object containing a list of group names the user should be a member of. If any of these group names exist in atfinity, the user will be made a member of the group. If the user was a member of any other groups, these memberships will be removed. |
| Roles Attribute | The attribute of the returned object containing a list of role names the user should have as roles (e.g. memberOf). If any of these roles exist in atfinity, the user will be given those roles and only those roles. |
| Admin Role Name | Here you can specify a role (returned by the roles attribute) that signifies that a user is to be made an admin with full rights (e.g. memberOf). The system will not try to also make the user a member of a group with this name. |
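
The sketch below is an added example, not atfinity's own code: it models the group, role and admin rules from the table so you can preview what a login would change for a given directory entry. The function and field names, the role name atfinity-admin, the initials attribute name, the sample entry and the way missing initials are derived are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class LdapMapping:
    """Attribute names as entered on the LDAP tab (sample values)."""
    first_name: str = "givenName"
    last_name: str = "sn"
    initials: str = "initials"          # assumed attribute name
    groups: str = "memberOf"
    roles: str = "memberOf"
    admin_role: str = "atfinity-admin"  # constructed role name

def _one(entry, attr):
    """First value of a multi-valued LDAP attribute, or ''."""
    values = entry.get(attr) or [""]
    return values[0]

def preview_login(entry, mapping, known_groups, known_roles, current_groups):
    """Model what one login does to a user, per the rules in the table."""
    given, family = _one(entry, mapping.first_name), _one(entry, mapping.last_name)
    # Assumption: missing initials are the first letters of both names.
    initials = _one(entry, mapping.initials) or (given[:1] + family[:1]).upper()
    from_groups = set(entry.get(mapping.groups, []))
    from_roles = set(entry.get(mapping.roles, []))
    # Only names that already exist are applied; the admin role name
    # never becomes a group membership.
    groups = (from_groups & set(known_groups)) - {mapping.admin_role}
    roles = from_roles & set(known_roles)
    return {
        "initials": initials,
        "groups": groups,
        "roles": roles,
        "is_admin": mapping.admin_role in from_roles,
        # Memberships the directory does not back are removed.
        "removed_groups": set(current_groups) - groups,
    }

# Constructed sample entry; values are plain names, as the table assumes.
SAMPLE_ENTRY = {
    "givenName": ["Jane"],
    "sn": ["Doe"],
    "memberOf": ["Onboarding", "atfinity-admin", "Unknown-Team"],
}

def demo():
    return preview_login(
        SAMPLE_ENTRY, LdapMapping(),
        known_groups={"Onboarding", "Compliance", "atfinity-admin"},
        known_roles={"Onboarding"},
        current_groups={"Compliance"},
    )
```

In this model the directory is authoritative: the Compliance membership, which the sample entry does not list, is dropped, and anyone who can add a user to the directory group named as the admin role gains full rights at that user's next login.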