LDAP Integration
This section helps you to configure your LDAP server. LDAP is the Lightweight Directory Access Protocol. It’s a hierarchical organization of Users, Groups, and Organizational Units - which are containers for users and groups. Every object has it’s own unique path to it’s place in the directory - called a Distinguished Name, or DN.
Manage the LDAP settings by navigating to Administration → Security → LDAP Configuration.
You need to restart the backend application to fully apply the changes.
LDAP configuration
The following settings are available:
Server Details
| Setting | Description | Example |
|---|---|---|
| Server URL | FQDN/IP of the LDAP server | ldap.example.com |
| Port URL | The port of your LDAP server. | 389 |
| Method | The authentication method. | simple / simple_tls / start_tls |
| Admin DN | Used only with search authentication method. It is the DN of the user who will bind to the LDAP server to perform the search. | uid=serviceboard,cn=users,cn=accounts,dc=int,dc=serviceboard,dc=io |
| Password | Password used to authenticate to your LDAP server. |
User Search & Filters
Only direct group members are synchronized (indirect membership is currently not supported).
User accounts are created in Serviceboard on the first authentication to Serviceboard. If a user object is not returned by LDAP configuration, it is disabled automatically.
First name, last name and line manager is updated automatically on every user authentication if there is any change to those attributes.
| Setting | Description | Example |
|---|---|---|
| User Search Base | User search base for filtering users. | cn=accounts,dc=int,dc=serviceboard,dc=io |
| Group membership | Enable if the authenticated user must be a member of a specific group(s). | Group Search Base: cn=groups,cn=accounts,dc=int,dc=dostack,dc=io Group Membership Attribute: member Group DN: cn=serviceboard-users,cn=groups,cn=accounts,dc=int,dc=dostack,dc=io |
| Attributes | Enable if the authenticated user should meet a certain criteria, | Attribute: objectClass Value: inetOrgPerson |
| Attribute presence | Enable if the authenticated user should contain a specific attributes. | Attribute: mail |
User Attribute Mappings
| Setting | Description | Example |
|---|---|---|
| Username | User attribute of the username. | uid |
| First Name | User attribute of the first name. | givenName |
| Last Name | User attribute of the last name. | sn |
| User attribute of the email. | ||
| Manager | User attribute of the line manager. | manager |
Groups Synchronization
Groups are fetched from LDAP automatically. If a group is not returned by LDAP configuration, it is disabled automatically. Members (users) of are automatically added unless they have not authenticate to Serviceboard yet.
| Setting | Description | Example |
|---|---|---|
| Group Search Base | Group search base for filtering groups. | cn=groups,cn=accounts,dc=int,dc=serviceboard,dc=io |
| Group Filter | Filter for filtering groups. | |
| Name | Group attribute of the name. | name |
| Description | Group attribute of the description. | description |
| Members | UGroup attribute of the members. | member |
Test Connection
Tests ability to connect to your LDAP server. Also tests ability to authenticate test-user and shows result of mapping-test-user’s meta-data. You need to save the LDAP configurations above in order to test it. Note: test-user credentials are not saved in DB.