
How to use LDAP authentication

With LDAP authentication you can let users log in with the credentials they already know, which are stored in your Active Directory or Open Directory. Please note:

What LDAP authentication can do:

  • Authenticate users with their username and password (available for Xinca Admin, DEP enrollment, Apple Configurator Enrollment & On-Device Enrollment);
  • Create users and groups that don’t yet exist in Xinca;
  • Update users and groups that already exist in Xinca (only if the properties in Xinca don’t match the properties in the remote directory).

What LDAP Authentication can’t do:

  • Synchronize your complete AD or OD to Xinca. Users and groups are only created or updated on the fly when a user tries to authenticate;
  • Read nested groups from AD or OD.

IP Addresses to whitelist in your firewall:

  • 94.130.139.182
  • 94.130.139.190
  • 94.130.139.187
  • 94.130.139.188
  • 212.178.82.42

Schema mapping (Directory -> Xinca):

Active Directory:

  • sAMAccountName -> Username
  • mail -> E-mail address
  • cn -> First and Last name
  • memberOf -> Group Membership
  • description -> Notes

Open Directory:

  • uid -> Username
  • mail -> E-mail address
  • cn -> First and Last name
  • description -> Notes
  • jpegPhoto -> User photo
  • The filter “(&(objectClass=posixGroup)(memberUid=USERNAME))” is used to fetch Group Membership
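As an added example (not Xinca or ZuluDesk code), the mapping above and the Open Directory group filter expressed in Python. It assumes directory entries arrive as dicts of attribute name to list of values, which is the shape most LDAP client libraries return, and it assumes the Xinca-side field names (username, email, first_name, ...). The sample entries are constructed. The point a practitioner should take from it is the escaping step: USERNAME is user-supplied, so it must be escaped per RFC 4515 before it is substituted into the filter, otherwise a username such as `*)(uid=*` rewrites the query instead of matching a `memberUid` value literally.

```python
"""Map a directory entry onto Xinca user fields and build the group filter.

Added example, not Xinca/ZuluDesk code. Entries are assumed to be dicts of
attribute -> list of values; the Xinca-side field names are assumed too.
"""
from __future__ import annotations

# Directory attribute -> Xinca field, following the schema mapping above
# (cn is handled separately because it becomes two fields).
AD_MAP = {"sAMAccountName": "username", "mail": "email", "description": "notes"}
OD_MAP = {"uid": "username", "mail": "email", "description": "notes",
          "jpegPhoto": "photo"}

# RFC 4515 escapes for a value interpolated into a search filter.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29",
                   "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a string so it matches literally inside an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def od_group_filter(username: str) -> str:
    """The Open Directory group-membership filter quoted above, with USERNAME
    substituted safely."""
    return f"(&(objectClass=posixGroup)(memberUid={escape_filter_value(username)}))"


def ad_groups_from_member_of(member_of: list[str]) -> list[str]:
    """Group names (the leading CN) from AD memberOf DNs. Simplified: RDN
    values containing an escaped comma are not handled."""
    names = []
    for dn in member_of:
        attr, _, value = dn.split(",", 1)[0].partition("=")
        if attr.strip().lower() == "cn":
            names.append(value.strip())
    return names


def map_entry(entry: dict[str, list], directory_type: str) -> dict:
    """Build the Xinca user record for an AD ("ad") or OD ("od") entry."""
    mapping = AD_MAP if directory_type == "ad" else OD_MAP
    user = {}
    for attr, field in mapping.items():
        values = entry.get(attr) or []
        if values:
            user[field] = values[0]
    # cn -> First and Last name: split on the first space (assumption).
    cn = (entry.get("cn") or [""])[0]
    user["first_name"], _, user["last_name"] = cn.partition(" ")
    if directory_type == "ad":
        # AD exposes membership on the user; OD needs the filter above instead.
        user["groups"] = ad_groups_from_member_of(entry.get("memberOf") or [])
    return user


# Constructed sample entries, not taken from a real directory.
SAMPLE_AD_ENTRY = {
    "sAMAccountName": ["jdoe"],
    "mail": ["jdoe@myschool.com"],
    "cn": ["Jane Doe"],
    "memberOf": ["CN=Teachers,OU=groups,DC=myschool,DC=com",
                 "CN=Staff,OU=groups,DC=myschool,DC=com"],
    "description": ["Math department"],
}
SAMPLE_OD_ENTRY = {
    "uid": ["jdoe"],
    "mail": ["jdoe@myschool.com"],
    "cn": ["Jane Doe"],
    "jpegPhoto": [b"\xff\xd8\xff"],  # constructed JPEG header bytes
}

if __name__ == "__main__":
    print(map_entry(SAMPLE_AD_ENTRY, "ad"))
    print(map_entry(SAMPLE_OD_ENTRY, "od"))
    print(od_group_filter("jdoe"))
    print(od_group_filter("*)(uid=*"))  # injection attempt rendered harmless
```

The last print shows the escaped form; the parentheses and wildcard become `\28`, `\29` and `\2a`, so the server only ever compares `memberUid` against that literal string.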

SSL:

We strongly recommend using SSL to encrypt the traffic that flows to and from your LDAP server.

Setup LDAP Authentication:

  • In ZMS navigate to “Organisation” -> “Settings” -> “Authentication”;
  • Choose “LDAP(s)” as the “Authentication Method”;
  • Tick the “Automatically create users that don’t exist locally” box if you want users and groups to be created or updated automatically when a user tries to log in;
  • Enter the LDAP server’s IP or FQDN and port (389 is the default for LDAP and 636 is the default for LDAP over SSL);
  • Tick the “Use SSL” box if you want to secure the communication using SSL;
  • Choose the Directory Type. Currently, ZuluDesk supports Microsoft Active Directory and Apple Open Directory;
  • Enter the “Base DN” of your LDAP server, for example: “dc=myschool,dc=com”
  • If your server supports anonymous binding, tick the “Bind to this LDAP server anonymously” box. Please note that Active Directory does not support authentication when binding anonymously! Otherwise:
    • Enter the full DN of the user you want to bind with, for example: “CN=ldap_proxy, OU=users, DC=myschool, DC=com”;
    • Enter the password for the bind user;
  • Click on the “Test Connection” button to test the connection to your LDAP server. If the connection is successful, you can click on the “Save” button.
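As an added example (not ZuluDesk or Xinca code), a small Python check that encodes the rules from the steps above before settings are saved: 389 and 636 as the default ports, SSL recommended, and Active Directory unable to authenticate over an anonymous bind. It also builds the command-line equivalent of the “Test Connection” button, an `ldapsearch` that reads only the base DN entry. The settings dict keys are assumed; the OpenLDAP `ldapsearch` flags used (`-x`, `-H`, `-b`, `-s`, `-D`, `-W`) are real. The sample settings are constructed.

```python
"""Check LDAP authentication settings and build a "Test Connection" command.

Added example, not ZuluDesk/Xinca code. Settings keys are assumed.
"""
from __future__ import annotations

LDAP_PORT, LDAPS_PORT = 389, 636


def effective_port(settings: dict) -> int:
    """Configured port, else the default for plain LDAP or LDAP over SSL."""
    return settings.get("port") or (LDAPS_PORT if settings.get("use_ssl") else LDAP_PORT)


def check_settings(settings: dict) -> dict[str, list[str]]:
    """Return {"errors": [...], "warnings": [...]}; no errors means saveable."""
    errors, warnings = [], []
    if settings.get("method") != "ldap":
        errors.append("authentication method must be LDAP(s)")
    if not settings.get("host"):
        errors.append("LDAP server IP or FQDN is missing")
    if settings.get("directory_type") not in ("ad", "od"):
        errors.append("directory type must be 'ad' (Active Directory) or 'od' (Open Directory)")
    base_dn = settings.get("base_dn") or ""
    if not base_dn or not all("=" in rdn for rdn in base_dn.split(",")):
        errors.append("base DN must look like 'dc=myschool,dc=com'")
    if settings.get("anonymous_bind"):
        if settings.get("directory_type") == "ad":
            errors.append("Active Directory does not support authentication "
                          "when binding anonymously")
    elif not (settings.get("bind_dn") and settings.get("bind_password")):
        errors.append("bind DN and bind password are required unless binding anonymously")
    if not settings.get("use_ssl"):
        warnings.append("SSL is off: credentials cross the network in clear text")
    elif effective_port(settings) == LDAP_PORT:
        warnings.append("SSL is on but the port is 389; LDAP over SSL normally uses 636")
    return {"errors": errors, "warnings": warnings}


def ldapsearch_args(settings: dict) -> list[str]:
    """argv for an ldapsearch that reads the base DN entry, i.e. a connection
    and bind test. -W prompts for the bind password so it never appears in
    the process list or shell history."""
    scheme = "ldaps" if settings.get("use_ssl") else "ldap"
    url = f"{scheme}://{settings['host']}:{effective_port(settings)}"
    args = ["ldapsearch", "-x", "-H", url, "-b", settings["base_dn"], "-s", "base"]
    if not settings.get("anonymous_bind"):
        args += ["-D", settings["bind_dn"], "-W"]
    args.append("(objectClass=*)")
    return args


# Constructed sample settings (hostname, DN and password are placeholders).
GOOD_SETTINGS = {
    "method": "ldap", "host": "ldap.myschool.com", "port": None, "use_ssl": True,
    "directory_type": "ad", "base_dn": "dc=myschool,dc=com", "anonymous_bind": False,
    "bind_dn": "CN=ldap_proxy,OU=users,DC=myschool,DC=com",
    "bind_password": "example-password",
}
# Same server, but anonymous bind against AD and no SSL.
BAD_SETTINGS = {**GOOD_SETTINGS, "anonymous_bind": True, "use_ssl": False}

if __name__ == "__main__":
    for name, s in (("good", GOOD_SETTINGS), ("bad", BAD_SETTINGS)):
        print(name, check_settings(s))
    print(" ".join(ldapsearch_args(GOOD_SETTINGS)))
```

Running the printed `ldapsearch` line from a host that can reach the server gives the same pass/fail answer as the “Test Connection” button, and a TLS failure on the `ldaps://` URL shows up there as a connection error rather than a bind error.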