Last modified by Aurelie Bertrand on 2025/11/14 11:59

If you want to use an external LDAP for authentication:

1. Check **Use an external authentication LDAP**.
1. Enter the parameters for the LDAP server used to authenticate users.
The following options are available:(((
|=(% scope="row" style="width: 524px;" %)Use StartTLS|(% style="width:601px" %)Use the secure version of LDAP over TLS to encrypt the authentication process.
|=(% style="width: 524px;" %)**Ignore user sub-trees for user login**|(% style="width:601px" %)Do not browse sub-trees for identification.
|=(% style="width: 524px;" %)One level search (default is sub trees search)|(% style="width:601px" %)Do not search all sub-trees.
|=(% style="width: 524px;" %)Use the DigDash LDAP if the authentication fails|(% style="width:601px" %)Use the DigDash LDAP if authentication with the external LDAP fails.
|=(% style="width: 524px;" %)Deactivate the validation of certificate (LDAPS)|(% style="width:601px" %)Disable the use of the secure LDAP protocol (LDAP over SSL).
)))
1. You can load a rules file for importing LDAP authentication users. You can find a commented example of this rules file (ldapmapping.xml) in the **documentation/en/sample** directory of the DigDash installation.
1. Click **Validate** to accept the changes you have made.
1. If you wish to modify the LDAP requests, click on the **LDAP Requests** link and modify the desired requests.

To import users from this LDAP:

1. Open the **Configuration -> User Management** page.
1. In the **Authentication LDAP Users** section (which is only enabled if you are using an external LDAP server):
1*. Type the name of the user you are looking for (or leave the field empty to display all users) and click **Search**.
1*. Select the users you wish to import and click **Import users**.

(% class="box infomessage" %)
(((
**Note**: If you have loaded a rules file for importing LDAP authentication users in the LDAP authentication server configuration, this will be used first.
)))

[[image:1762529515895-969.png||alt="Authentication LDAP"]]

= Active Directory LDAP authentication connection =

== Import users from a domain group ==

It is possible to refine the LDAP request so that only users belonging to a single Active Directory domain group are imported. To do this, use the //memberOf// syntax in the **user query**.
For example, to import all the users in the CN=GRP_DIGDASH_TEST group in the nom_entreprise Active Directory domain, ignoring the other groups, we use the following query:

{{code language="sql"}}
(&(objectClass=user)(memberOf=CN=GRP_DIGDASH_TEST,OU=Groupes Applis,OU=Groupes de Gestions,DC=nom_entreprise,DC=local))
{{/code}}

(% style="text-align:left" %)
The DN tree should look like this:

(% style="text-align:left" %)
(% style="color:#d35400" %)DC=local

(% style="color:#d35400" %)└── DC=nom_entreprise

(% style="color:#d35400" %)└── OU=Groupes de Gestions

(% style="color:#d35400" %)└── OU=Groupes Applis

(% style="color:#d35400" %)└── CN=GRP_DIGDASH_TEST

[[image:1762529727819-158.png||alt="Authentication LDAP queries"]]

(% class="box infomessage" id="H" %)
(((
💡 To import users with a user id in AD format (firstname.lastname), use **sAMAccountName** instead of **cn** in **Attribute user id (RDN)**.
)))

== Problems importing users ==

If you encounter difficulties importing users from an external Active Directory LDAP:

1. Check the **Ignore user subtrees for identification** option.
1. In the LDAP request, enter **sAMAccountName** (or another attribute that is always filled in) in the **User ID attribute (RDN)** field.
1. Check that the user search on the external LDAP is working.
1. Restart the server so that the import works.
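
One way to run the user-search check from step 3 outside DigDash, as an added example that is not DigDash's own code: it builds the //memberOf// user query shown earlier with RFC 4515 escaping and runs it with OpenLDAP's ldapsearch over mandatory StartTLS. It goes slightly beyond the page by offering a nested-group mode; the server URI, bind account and function names are assumptions, not values from this page.

```bash
#!/usr/bin/env bash
# Added example, not DigDash code. Function names are illustrative.

# Escape a value for use inside an LDAP filter (RFC 4515): \ * ( )
# The backslash is handled first so later escapes are not double-escaped.
ldap_filter_escape() {
    printf '%s' "$1" |
        sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Build the user query restricting results to members of one group DN.
# Optional $2 = "nested": use Active Directory's LDAP_MATCHING_RULE_IN_CHAIN
# (OID 1.2.840.113556.1.4.1941) so members of nested groups match as well;
# a plain memberOf test only matches direct members.
build_group_filter() {
    local dn rule=""
    dn=$(ldap_filter_escape "$1")
    if [ "${2:-}" = "nested" ]; then
        rule=":1.2.840.113556.1.4.1941:"
    fi
    printf '(&(objectClass=user)(memberOf%s=%s))' "$rule" "$dn"
}

# Run the query the way a StartTLS client would.
#   -x   simple bind
#   -ZZ  StartTLS is mandatory: the command fails instead of falling back
#        to cleartext, and the server certificate is validated
#   -W   prompt for the bind password (keeps it out of shell history)
check_user_search() {
    local uri="$1" bind_dn="$2" base_dn="$3" group_dn="$4"
    ldapsearch -x -H "$uri" -ZZ -D "$bind_dn" -W -b "$base_dn" -s sub \
        "$(build_group_filter "$group_dn")" sAMAccountName cn
}

# Usage (URI and bind account are placeholders to replace with your own):
# check_user_search "ldap://dc01.example.local" "svc_ldap@example.local" \
#     "DC=nom_entreprise,DC=local" \
#     "CN=GRP_DIGDASH_TEST,OU=Groupes Applis,OU=Groupes de Gestions,DC=nom_entreprise,DC=local"
```

If the search returns entries whose sAMAccountName is filled in, the same filter can be pasted into the **user query** field.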