LDAP/AD as an external authentication provider

You can integrate multiple LDAP servers to authenticate users in the Platform by importing user information from LDAP/AD into the local Platform database (identity store). Imported user information is read-only: username, email, first name, last name, and other mapped attributes cannot be changed in the Platform. Passwords are not imported; password validation is performed on the LDAP server.

Synchronization of LDAP/AD users to the Platform

By default, you perform synchronization on demand:

  • Full synchronization
  • Synchronization of changed and new users

However, you can define periodic synchronization on the provider configuration page by setting a time (in seconds) after which the sync is repeated. Also, for better performance, you can limit the number of users imported from LDAP/AD into the Platform within a single transaction.

Tip: The best way to handle syncing is to click Synchronize all users when you first create the LDAP/AD provider, and then set up a periodic sync of changed users.

For details, see Configure LDAP/AD as an authentication provider.

LDAP mappers

LDAP mappers are listeners that are triggered by the LDAP provider at various points, for example:

  • When a user logs in via LDAP and needs to be imported.
  • At the time of a Platform-initiated registration.
  • When a user is queried from the Admin Console.

You can map LDAP user attributes into the Platform common user model. When you create an LDAP authentication provider, the system automatically provides a set of built-in mappers for this provider (username, email, first name, and last name). You can change this set and create a new mapper, update existing ones, or delete them.

For details, see Configure LDAP mappers.
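The following Python model ties together the two mechanisms described above: the full versus changed-user synchronization with a per-transaction import limit, and the mapper set that turns LDAP attributes into the common user model (including the login-time import trigger and the read-only, password-free nature of imported records). It is an added illustration written for this page, not the Platform's own code; LdapProvider, PlatformUser, apply_mappers, the sample directory entries and the credentials are constructed assumptions. The "changed" detection uses the LDAP modifyTimestamp attribute as a high-water mark, which is one common way to implement the behaviour the page describes.

```python
import copy
from dataclasses import FrozenInstanceError, dataclass

def _entry(uid, first, last, dept, ts):
    # Constructed LDAP entry; modifyTimestamp is generalized time, which sorts as a string.
    return {"dn": f"uid={uid},ou=people,dc=example,dc=com", "uid": uid,
            "mail": f"{uid}@example.com", "givenName": first, "sn": last,
            "department": dept, "modifyTimestamp": ts}

# Constructed sample directory and LDAP-side credentials (never imported).
SAMPLE_DIRECTORY = [_entry("alice", "Alice", "Adams", "security", "20240301120000Z"),
                    _entry("bob", "Bob", "Brown", "ops", "20240302090000Z"),
                    _entry("carol", "Carol", "Clark", "dev", "20240303150000Z")]
SAMPLE_LDAP_PASSWORDS = {"uid=alice,ou=people,dc=example,dc=com": "alice-pw",
                         "uid=erin,ou=people,dc=example,dc=com": "erin-pw"}
# Built-in mapper set: LDAP attribute -> common user model field.
DEFAULT_MAPPERS = {"uid": "username", "mail": "email",
                   "givenName": "first_name", "sn": "last_name"}

@dataclass(frozen=True)  # frozen: an imported record is read-only locally
class PlatformUser:
    username: str
    email: str
    first_name: str
    last_name: str
    attributes: tuple   # extra mapped attributes as (field, value) pairs
    ldap_dn: str        # entry used for the bind check

def apply_mappers(entry, mappers):
    """Run each mapper over one LDAP entry to build the common user model."""
    core = {"username": "", "email": "", "first_name": "", "last_name": ""}
    extra = []
    for ldap_attr, model_field in mappers.items():
        if model_field in core:
            core[model_field] = entry.get(ldap_attr, "")
        else:
            extra.append((model_field, entry.get(ldap_attr, "")))
    return PlatformUser(attributes=tuple(extra), ldap_dn=entry["dn"], **core)

class LdapProvider:
    def __init__(self, directory, bind_check, mappers=None, batch_size=100):
        self.directory = directory        # the LDAP/AD server's entries
        self.bind_check = bind_check      # (dn, password) -> bool, done by LDAP
        self.mappers = dict(mappers or DEFAULT_MAPPERS)
        self.batch_size = batch_size      # users imported per transaction
        self.store = {}                   # local identity store, by username
        self.imported_dns = set()
        self.last_sync = None             # modifyTimestamp high-water mark
        self.transactions = []            # usernames committed per batch

    def _import(self, entries, advance_mark=True):
        entries = sorted(entries, key=lambda e: e["modifyTimestamp"])
        for start in range(0, len(entries), self.batch_size):
            users = [apply_mappers(e, self.mappers)
                     for e in entries[start:start + self.batch_size]]
            for user in users:            # one batch == one transaction
                self.store[user.username] = user
                self.imported_dns.add(user.ldap_dn)
            self.transactions.append([u.username for u in users])
        if entries and advance_mark:
            self.last_sync = max(self.last_sync or "", entries[-1]["modifyTimestamp"])
        return len(entries)

    def sync_all(self):
        return self._import(list(self.directory))

    def sync_changed(self):
        # Only entries that are new, or modified since the last completed sync.
        return self._import([e for e in self.directory if e["dn"] not in self.imported_dns
                             or e["modifyTimestamp"] > (self.last_sync or "")])

    def authenticate(self, username, password):
        user = self.store.get(username)
        if user is None:                  # login-time import triggers the mappers
            match = [e for e in self.directory
                     if apply_mappers(e, self.mappers).username == username]
            if not match:
                return False
            self._import(match, advance_mark=False)  # keep other pending changes visible
            user = self.store[username]
        return self.bind_check(user.ldap_dn, password)  # password checked by LDAP only

def demo():
    directory = copy.deepcopy(SAMPLE_DIRECTORY)
    p = LdapProvider(directory, lambda dn, pw: SAMPLE_LDAP_PASSWORDS.get(dn) == pw,
                     mappers={**DEFAULT_MAPPERS, "department": "department"}, batch_size=2)
    r = {"full": p.sync_all(), "batches": p.transactions[:]}  # 3 users in 2 transactions
    r["alice_dept"] = dict(p.store["alice"].attributes)["department"]
    r["unchanged"] = p.sync_changed()                     # nothing new yet: 0
    directory[1].update(sn="Browne", modifyTimestamp="20240310080000Z")  # bob edited
    directory.append(_entry("dave", "Dave", "Dunn", "dev", "20240311080000Z"))  # new
    r["changed"] = p.sync_changed()                       # bob + dave: 2
    r["bob_last_name"] = p.store["bob"].last_name
    directory.append(_entry("erin", "Erin", "Evans", "ops", "20240312080000Z"))
    r["login_import"] = p.authenticate("erin", "erin-pw")  # imported on first login
    r["login_bad"] = p.authenticate("alice", "wrong")
    try:
        p.store["alice"].email = "changed@example.com"    # imported data is read-only
        r["read_only"] = False
    except FrozenInstanceError:
        r["read_only"] = True
    return r
```

Running demo() performs a full sync of three users in two transactions of at most two users each, shows that a changed-user sync right afterwards imports nothing, then picks up one edited and one new entry on the next changed sync. A user who exists in LDAP but was never synced is imported through the mappers on first login, and every password check is a bind against the LDAP side; the local store holds no credentials and its records reject modification. The login-time import deliberately does not advance the high-water mark, so a later changed-user sync still sees entries modified before that login.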
