LDAP User Backend

Atfinity can use your LDAP directory as a user backend. The Atfinity login screen is still used, but username and password are forwarded to your LDAP directory. If you are looking for a single sign on solution, that uses external login screen, please have a look at Single Sign On.

Working principle

If an LDAP directory is set up and when a user tries to login on the atfinity login screen, the username and password is forwarded to your LDAP and the user and certain values like roles and group memberships are copied into atfinity. At each login, these values are refreshed again, meaning that roles and groups will not change as long as a user is logged in (Note that a login is only valid for maximum 24 hours, which can also be configured)

Configuration

To set up LDAP, navigate to Administration -> Integrations -> LDAP Tab and enter the following values according to your setup.

Name

Value

URL

Where can atfinity reach your LDAP User directory?

Base

The base DN for your users, e.g. ou=AADDC Users,dc=atfinity,dc=ch

First Name Attribute

The attribute of the returned object containing the first name (e.g givenName)

Last Name Attribute

The attribute of the returned object containing the last name (e.g. sn)

Initials Attribute

The attribute of the returned object containing the initials, if not given these will be calculated from the first and last name

Admin Role Name

You can specify here a role (returned by the groups and roles query) that should signify a user is to be made an admin with full rights. Note that users will not become a member of a group with this name.

Loading Groups and Roles

Atfinity will make a second query to load the groups and roles atfinity should assign to a user. For this, the member attribute of a user identified by its distinguishedName. The returned list of groups is compared against the configured groups and roles. If any name matches exactly (case sensitive) to the name of a group or role the user will be assigned to that group and role. All previous users group and roles not in that list will be removed.

Last updated