LDAP User Backend
Last updated
Last updated
Atfinity can use your LDAP directory as a user backend. The Atfinity login screen is still used, but username and password are forwarded to your LDAP directory. If you are looking for a single sign on solution, that uses external login screen, please have a look at Single Sign On.
If an LDAP directory is set up and when a user tries to login on the atfinity login screen, the username and password is forwarded to your LDAP and the user and certain values like roles and group memberships are copied into atfinity. At each login, these values are refreshed again, meaning that roles and groups will not change as long as a user is logged in (Note that a login is only valid for maximum 24 hours, which can also be configured)
To set up LDAP, navigate to Administration -> Integrations -> LDAP Tab and enter the following values according to your setup.
Name
Value
URL
Where can atfinity reach your LDAP User directory?
Base
The base DN for your users, e.g. ou=AADDC Users,dc=atfinity,dc=ch
First Name Attribute
The attribute of the returned object containing the first name (e.g givenName)
Last Name Attribute
The attribute of the returned object containing the last name (e.g. sn)
Initials Attribute
The attribute of the returned object containing the initials, if not given these will be calculated from the first and last name
Admin Role Name
You can specify here a role (returned by the query) that should signify a user is to be made an admin with full rights. Note that users will not become a member of a group with this name.
Atfinity will make a second query to load the groups and roles atfinity should assign to a user. For this, the member attribute of a user identified by its distinguishedName. The returned list of groups is compared against the configured groups and roles. If any name matches exactly (case sensitive) to the name of a group or role the user will be assigned to that group and role. All previous users group and roles not in that list will be removed.