LDAP Integration
Lightweight Directory Access Protocol (LDAP) serves as a "phone book" for networks. It offers centralized storage for usernames, passwords, and user attributes. LDAP authentication is crucial for user identity and permission management, providing the fundamental mechanism for logging in with credentials.
Accessing User Federation
The User Federation module in vuSmartMaps allows access to external databases and directories, including LDAP and Active Directory.
- The User Federation page is reached from the platform's left navigation menu under Platform Settings > User Federation.
- Upon entering the User Federation module, the landing page, when no provider is added, shows the message, “You don’t have any user federation configured. To configure one, click the ‘+ New Provider’ button.”
Read and write permissions to the Preferences module are needed to access the user federation module.
Adding a New LDAP Provider
- To add a new LDAP provider, click the + New Provider button and select LDAP.
- Provide the necessary details for adding an LDAP provider.
- General Options
- Vendor: Select LDAP Vendor (provider) – options include Active Directory, Red Hat Directory Server, Tivoli, Novell eDirectory, and Other.
- Connection and Authentication Settings:
- Connection URL: Connection URL to your LDAP Server.
- Enable StartTLS (Optional): Encrypts the connection to LDAP using StartTLS; enabling it disables connection pooling.
- Connection Timeout (Optional): LDAP connection timeout in milliseconds.
- Test Connection Button: Test if the connection is established.
- Bind Domain Name: Provide the Distinguished Name (DN) of the LDAP admin. The IDP uses this DN to bind to the LDAP server.
- Bind Password: Password of the LDAP admin.
- Test Authentication Button: Test authentication with the server.
- LDAP Searching and Updating
- Users Domain Name: Specify the full DN of the LDAP tree where user data is located.
- Username LDAP Attribute: Define the LDAP attribute that is mapped as the IDP's username.
- User Object Classes: List all values of the LDAP objectClass attribute that user entries carry, separated by commas.
- Synchronization Settings
- Periodic Full Sync (Optional): Enable to periodically perform a full synchronization of LDAP users to IDP.
- Full Sync Period: Period for full synchronization in seconds.
- Periodic changed users sync (Optional): Enable to periodically synchronize changed or newly created LDAP users to IDP.
- Changed Sync Period: Period for synchronization of changed or newly created LDAP users in seconds.
- Clicking Save adds the LDAP provider to the user federation page.
The current version of vuSmartMaps supports adding only one LDAP Provider.
Enabling/Disabling LDAP Provider
On the User Federation page, a radio button allows you to enable/disable the LDAP provider.
The LDAP provider is enabled by default after the initial addition in the user federation module.
Viewing LDAP Configuration
- Clicking on the provider's name navigates you to a page displaying all LDAP-related configuration settings in the Settings tab.
- Enable/Disable LDAP Server: Toggle using the radio button.
- Sync Users: Options include Sync changed users, Sync all users, and Remove imported users.
Viewing Mapper
- Navigate to the Mapper tab to view all mappers associated with the LDAP provider.
- Click on a mapper's name to view specific details.
Editing LDAP Configuration
- To edit the LDAP configuration, click the Edit icon on the user federation page.
- Make necessary edits in the LDAP Provider settings.
Adding a New Mapper
- To add a new mapper, navigate to the Mapper tab and click the + New Mapper button.
- Provide all the required information related to the mapper.
- Name: Name of the mapper.
- Mapper Type: Used to map a single attribute from the LDAP user to the attribute in the identity provider database.
- User Attribute Mapper: Maps attributes from LDAP user to IDP user attributes.
- Hardcoded Attribute Mapper: Hardcode a value to a user attribute.
- Group LDAP Mapper: Maps LDAP groups to identity provider groups.
For the Group LDAP Mapper, you can set an LDAP Filter on the common name (cn) of "Vunet-*" to ensure that only roles with the "Vunet-" prefix are imported. This restricts the import to the roles specific to vuSmartMaps.
Viewing Mapper
Click on a mapper's name to view specific details.
Editing the Mapper
To edit an existing mapper, click the Edit icon next to that mapper and change the configuration as required.
Deleting the Mapper
To remove an existing mapper from the user federation page, click the Delete icon next to that mapper. Accepting the warning by clicking the Delete button removes the mapper.
Deleting LDAP Configuration
- To delete the existing LDAP configuration, click the Delete icon on the user federation landing page.
- Accept the warning message to remove the LDAP configuration.
Syncing Users with LDAP Server
Sync users with whichever of the following options is required:
- Sync changed users
- Sync all users
- Remove Imported Users
To view the users added by the LDAP provider, navigate to the User Management module.
When LDAP is configured and a synchronization runs, all LDAP users are imported into the system. By applying the Vunet-* filter to the Group LDAP Mapper, only the groups with this prefix are pulled, and in the User Management module only roles with the Vunet- prefix are listed.
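As an added example that is not vuSmartMaps code, the following Python checks the Connection URL and Enable StartTLS settings from the provider form, builds the user lookup filter the provider would issue from the Username LDAP Attribute and User Object Classes fields, and applies the Group LDAP Mapper's "Vunet-*" cn filter to a constructed set of synced groups so that only the Vunet- roles remain. All hostnames, DNs, group entries and function names are constructed for illustration. The username is escaped per RFC 4515 before it is placed in the filter, so a submitted login name cannot change the shape of the search.

```python
"""Added example: validate LDAP provider settings and build the search
filters. Not vuSmartMaps code; all hosts, DNs and entries are constructed."""
from urllib.parse import urlsplit

# RFC 4515 escapes for characters that are special inside a search filter.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a value so it is matched literally inside an LDAP filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def check_connection_settings(connection_url: str, start_tls: bool) -> list:
    """Return findings about the Connection URL / Enable StartTLS pair."""
    findings = []
    scheme = urlsplit(connection_url).scheme
    if scheme not in ("ldap", "ldaps"):
        return [f"unsupported scheme {scheme!r}: use ldap:// or ldaps://"]
    if scheme == "ldap" and not start_tls:
        findings.append("plaintext ldap:// without StartTLS: the bind password "
                        "and user credentials cross the network unencrypted")
    if scheme == "ldaps" and start_tls:
        findings.append("StartTLS is redundant on an ldaps:// URL")
    if start_tls:
        findings.append("StartTLS enabled: connection pooling is disabled")
    return findings


def user_lookup_filter(username: str, username_attr: str, object_classes: str) -> str:
    """Filter used to locate one user under the Users DN.

    object_classes is the comma-separated value of the User Object Classes
    field. The username is escaped so a login such as 'a)(uid=*' cannot
    widen the search to other entries.
    """
    class_terms = "".join(
        f"(objectClass={escape_filter_value(c.strip())})"
        for c in object_classes.split(",") if c.strip()
    )
    return f"(&{class_terms}({username_attr}={escape_filter_value(username)}))"


def group_prefix_filter(prefix: str = "Vunet-") -> str:
    """Group LDAP Mapper filter: keep only groups whose cn starts with prefix.
    The trailing '*' is the wildcard; only the prefix itself is escaped."""
    return f"(cn={escape_filter_value(prefix)}*)"


def roles_from_synced_groups(groups: list, prefix: str = "Vunet-") -> list:
    """Simulate a sync: return the cn of each group the mapper would import.

    cn uses a case-insensitive matching rule on LDAP servers, so the prefix
    comparison is case-insensitive here too: a group named 'vunet-legacy'
    is imported just like 'Vunet-Admin'.
    """
    return sorted(g["cn"] for g in groups if g["cn"].lower().startswith(prefix.lower()))


# Constructed sample: what a group search under the Users DN might return.
SAMPLE_GROUPS = [
    {"dn": "cn=Vunet-Admin,ou=groups,dc=example,dc=test", "cn": "Vunet-Admin"},
    {"dn": "cn=Vunet-Viewer,ou=groups,dc=example,dc=test", "cn": "Vunet-Viewer"},
    {"dn": "cn=Finance,ou=groups,dc=example,dc=test", "cn": "Finance"},
    {"dn": "cn=vunet-legacy,ou=groups,dc=example,dc=test", "cn": "vunet-legacy"},
]

if __name__ == "__main__":
    for url, tls in (("ldap://ldap.example.test:389", False),
                     ("ldap://ldap.example.test:389", True),
                     ("ldaps://ldap.example.test:636", False)):
        print(url, tls, check_connection_settings(url, tls))
    print(user_lookup_filter("alice", "uid", "inetOrgPerson, person"))
    print(user_lookup_filter("a)(uid=*", "uid", "inetOrgPerson"))
    print(group_prefix_filter())
    print(roles_from_synced_groups(SAMPLE_GROUPS))
```

Two points the sample makes explicit: an ldap:// URL with StartTLS left off sends the Bind Password in clear, so use ldaps:// or enable StartTLS before clicking Test Authentication; and because cn matching is case-insensitive, any group whose name starts with "vunet-" in any case is imported as a role, so write access to the group tree in the directory should be as restricted as the IDP's own role administration.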
Signing in with LDAP Provider
Once successfully configured, logging in through the LDAP provider is as straightforward as a standard login, using default username/password forms for authentication.