Connecting to LDAP
You can configure atfinity to authenticate users from your LDAP directory.
This means that when a user tries to log in on the atfinity login screen, the username and password are forwarded to your LDAP directory, and the user and certain values such as roles and group memberships are copied into atfinity. These values are refreshed at each login, meaning that roles and groups will not change as long as a user is logged in. (Note that a login is valid for a maximum of 24 hours, which can also be configured.)
For this, you need to configure the following values in the Administration -> Integrations -> LDAP Tab:
| Name | Value |
| --- | --- |
| URL | Where can atfinity reach your LDAP User directory? |
| Base | The base DN for your users, e.g. ou=AADDC Users,dc=atfinity,dc=ch |
| First Name Attribute | The attribute of the returned object containing the first name (e.g. givenName) |
| Last Name Attribute | The attribute of the returned object containing the last name (e.g. sn) |
| Initials Attribute | The attribute of the returned object containing the initials. If not given, these will be calculated from the first and last name. |
| Admin Role Name | You can specify here a role (returned by the groups and roles query) that should signify a user is to be made an admin with full rights. Note that users will not become a member of a group with this name. |

Groups and Roles

We make a separate query to load the groups and roles atfinity should assign to a user. For this, we query the member attribute of a user identified by its distinguishedName. The returned list of groups is compared against the configured groups and roles. If any name exactly matches (case-sensitive) the name of a group or role, the user is assigned to that group or role. Any of the user's previous groups and roles that are not in that list are removed.
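The matching rules above, together with the Admin Role Name setting, worked through as an added example (not atfinity's own code). The function and field names are hypothetical, the sample names are constructed, and the case-only near-miss report is an extra audit aid that the page does not describe.

```python
from dataclasses import dataclass


@dataclass
class LoginSync:
    groups: set
    roles: set
    is_admin: bool
    removed: set       # previous groups/roles dropped at this login
    near_misses: dict  # returned name -> configured name differing only in case


def sync_on_login(returned, configured_groups, configured_roles,
                  admin_role_name=None, previous_groups=(), previous_roles=()):
    """Recompute a user's groups and roles from the names LDAP returned."""
    returned = set(returned)
    cfg_groups, cfg_roles = set(configured_groups), set(configured_roles)
    # Exact, case-sensitive comparison: "backoffice" does not match "BackOffice".
    groups = returned & cfg_groups
    roles = returned & cfg_roles
    # The admin role grants full rights but never creates a group membership.
    is_admin = bool(admin_role_name) and admin_role_name in returned
    groups.discard(admin_role_name)
    # Earlier assignments that are absent from the new result are removed.
    removed = (set(previous_groups) | set(previous_roles)) - (groups | roles)
    # Audit aid (assumption, not product behaviour): report returned names that
    # miss a configured name only because of letter case.
    known = cfg_groups | cfg_roles | ({admin_role_name} if admin_role_name else set())
    by_fold = {name.casefold(): name for name in known}
    near = {r: by_fold[r.casefold()] for r in returned
            if r not in known and r.casefold() in by_fold}
    return LoginSync(groups, roles, is_admin, removed, near)


if __name__ == "__main__":
    # Constructed sample: the directory returns three names for the user.
    result = sync_on_login(
        returned=["Compliance", "atfinity-admins", "backoffice"],
        configured_groups={"Compliance", "BackOffice"},
        configured_roles={"Reviewer"},
        admin_role_name="atfinity-admins",
        previous_groups={"Compliance", "BackOffice"},
        previous_roles={"Reviewer"},
    )
    print(result)
```

In the sample, the user keeps Compliance and gains admin rights, but loses BackOffice because the directory spells it "backoffice"; reviewing such near misses after a directory rename helps catch access that is silently dropped at the next login.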