How to add LDAP authentication

With LDAP authentication, users can log in with the credentials they already know, which are stored in your Active Directory or Open Directory. Please note:

What LDAP authentication can do:

  • Authenticate users with their username and password (available for Xinca App, DEP enrollment, Apple Configurator Enrollment & On-Device Enrollment);
  • Create users and groups that don’t yet exist in ZuluDesk;
  • Update users and groups that already exist in ZuluDesk (only if the properties in ZuluDesk don’t match the properties in the remote directory). 

What LDAP Authentication can’t do:

  • Synchronize your complete AD or OD to ZuluDesk. Users and groups are only created or updated when a user tries to authenticate (“on the fly”);
  • Read nested groups from AD or OD.

IP addresses to whitelist in your firewall:

  • 94.130.139.182
  • 94.130.139.190
  • 94.130.139.187
  • 94.130.139.188
  • 212.178.82.42

Schema mapping (Directory -> ZuluDesk):

Active Directory:

  • sAMAccountName -> Username
  • mail -> E-mail address
  • cn -> First and Last name
  • memberOf -> Group Membership
  • description -> Notes

Open Directory:

  • uid -> Username
  • mail -> E-mail address
  • cn -> First and Last name
  • description -> Notes
  • jpegPhoto -> User photo
  • The filter “(&(objectClass=posixGroup)(memberUid=USERNAME))” is used to fetch Group Membership

SSL:

We strongly recommend using SSL to encrypt the traffic that flows to and from your LDAP server.

Set up LDAP Authentication:

  • In ZMS navigate to “Organisation” -> “Settings” -> “Authentication”;
  • Choose “LDAP(s)” as the “Authentication Method”;
  • Tick the “Automatically create users that don’t exist locally” box if you want users and groups to be created or updated automatically when a user tries to log in;
  • Tick the “Force local authentication for ZuluDesk Parent” box if you don’t want the Parent app to use the LDAP server for authentication. If this box is ticked, ZuluDesk Parent will use “Local” authentication;
  • Enter the LDAP server’s IP or FQDN and port (389 is the default for LDAP and 636 is the default for LDAP over SSL);
  • Tick the “Use SSL” box if you want to secure the communication using SSL;
  • Choose the Directory Type. Currently, ZuluDesk supports Microsoft Active Directory and Apple Open Directory;
  • Enter the “Base DN” of your LDAP server, for example: “dc=myschool,dc=com”
  • If your server supports anonymous binding, tick the “Bind to this LDAP server anonymously” box. Please note that Active Directory does not support authentication when binding anonymously! If you do not bind anonymously:
    • Enter the full DN of the user you want to bind with, for example: “CN=ldap_proxy, OU=users, DC=myschool, DC=com”
    • Enter the password for the bind user
  • Click on the “Test Connection” button to test the connection to your LDAP server. If the connection is successful, you can click on the “Save” button.
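
To check the bind DN, Base DN and mapped attributes from a shell before clicking “Test Connection”, the following added example (not ZuluDesk code) builds matching ldapsearch commands for OpenLDAP's client. The function names, the host ldap.myschool.com, the user jdoe and the user lookup filters are assumptions; the attribute lists, the Open Directory group filter, the ports and the example DNs are the ones given in this article.

```python
# Added example, not ZuluDesk code: builds ldapsearch commands that request the
# attributes from the schema mapping, so the bind DN, Base DN and mapped
# attributes can be checked by hand. Names, host and user are assumptions.
import shlex

ATTRS = {
    "ad": ["sAMAccountName", "mail", "cn", "memberOf", "description"],
    "od": ["uid", "mail", "cn", "description", "jpegPhoto"],
}
USER_ATTR = {"ad": "sAMAccountName", "od": "uid"}  # assumed lookup key: the attribute mapped to Username


def escape_filter_value(value):
    """Escape RFC 4515 special characters so the value is matched literally."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def ldap_uri(host, use_ssl, port=None):
    """389 is the default for LDAP and 636 the default for LDAP over SSL."""
    scheme, default = ("ldaps", 636) if use_ssl else ("ldap", 389)
    return "%s://%s:%d" % (scheme, host, port or default)


def preflight(host, use_ssl, kind, base_dn, username, bind_dn=None):
    """Return ldapsearch argv lists: a user lookup, plus the group lookup for Open Directory."""
    user = escape_filter_value(username)
    base = ["ldapsearch", "-x", "-LLL", "-H", ldap_uri(host, use_ssl), "-b", base_dn]
    if bind_dn:                        # no bind DN means an anonymous bind
        base += ["-D", bind_dn, "-W"]  # -W prompts, keeping the password out of argv
    cmds = [base + ["(%s=%s)" % (USER_ATTR[kind], user)] + ATTRS[kind]]
    if kind == "od":                   # group filter quoted in the schema mapping
        cmds.append(base + ["(&(objectClass=posixGroup)(memberUid=%s))" % user, "cn"])
    return cmds


if __name__ == "__main__":
    # Constructed values: host and user are placeholders, the DNs are the article's examples.
    for cmd in preflight("ldap.myschool.com", True, "ad", "dc=myschool,dc=com",
                         "jdoe", "CN=ldap_proxy, OU=users, DC=myschool, DC=com"):
        print(shlex.join(cmd))
```

For Active Directory, the memberOf values returned by the user lookup list only the groups the user is a direct member of, which matches the note above that nested groups are not read.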