LDAP/AD Directory

All Plugins / Auth / Ldap

Identity Card

StatusCore
Plugin LabelLDAP/AD Directory
Short DescriptionAuthentication datas are stored in an LDAP/AD directory.
Plugin Identifierauth.ldap
AuthorPierre Wirtz
Urldocs/references/plugins/auth/ldap
Dependencies

Documentation

This features-rich plugin is a connector to LDAP/AD user directories.

It is higly parametrizable : define filters for users and groups, map LDAP attributes to Pydio internal properties, map LDAP groups to pydio roles or groups. Check each parameters documentation for more info.

Please note: there are constant discussions on the forum concerning the right configuration of the plugin depending on the LDAP or AD server used, please search the forum before posting.

Instance parameters

LabelDescriptionTypeDefault
Server Connection

LDAP_CONNECTION_LEGEND
Set up main connection to server. Use the button to test that your parameters are correct.Legend
LDAP URL *
LDAP_URL
LDAP Server URL (IP or name)String
Protocol *
LDAP_PROTOCOL
Connect through ldap or ldapsSelect (ldap, ldaps)ldap
LDAP Port
LDAP_PORT
LDAP Server Port (leave blank for default)String389
LDAP bind username
LDAP_USER
Username (uid + dn) of LDAP bind userString
LDAP bind password
LDAP_PASSWORD
Password of LDAP bind userString
Users Schema

LDAP_USERS_LEGEND
These parameters will describe how the users will be loaded/filtered from the directory.Legend
People DN
LDAP_DN
DN where the users are storedString
LDAP Filter
LDAP_FILTER
Filter which users to fetch.StringobjectClass=person
User attribute
LDAP_USERATTR
Username attributeString
Test User
TEST_USER
Use the Test Connection button to check if this user is correctly found in your LDAP directory.String
Test Connection
TEST_LDAP
Try to connect to LDAPButton
Groups Schema

LDAP_GROUPS_LEGEND
These parameters will describe how groups will optionally be loaded/filtered from the directory.Legend
Groups DN
LDAP_GDN
DN where the groups are stored. Must be used in cunjonction with a group parameter mapping, generally using the memberOf feature.String
LDAP Groups Filter
LDAP_GROUP_FILTER
Filter which groups to fetch.StringobjectClass=group
Group attribute
LDAP_GROUPATTR
Group main attribute to be used as a labelString
Role Prefix (for memberof)
LDAP_GROUP_PREFIX
Role prefix when you mapping memberof => roleIDStringldap_
Attributes Mapping

LDAP_MAPPING_LEGEND
Use this section to automatically map some LDAP attributes to Pydio plugins parameters values.Legend
LDAP attribute
MAPPING_LDAP_PARAM
Name of the LDAP attribute to readString
Mapping Type
MAPPING_LOCAL_TYPE
Determine the type of mappingSelect (plugin_param, role_id, group_path, profile)
Plugin parameter
MAPPING_LOCAL_PARAM
Name of the custom local parameter to setString
Advanced Parameters

LDAP_ADVANCED_LEGEND
More advanced settings for LDAP/ADLegend
Fake Member from...
LDAP_FAKE_MEMBEROF
If there is no memberOf attribute/overlay, use this option to create additional memberOf attribute. Enter the groups attribute storing the members ids, can be generally either memberUid or member, depending on the schema.String
Fake MemberOf. value of member/memberUid attribute of group
LDAP_VALUE_MEMBERATTR_IN_GROUP
value of member/memberUid attribute of group: can be user DN or user CN. Use with Fake memberOf enabled. YES use DN, otherwise CNBooleantrue
Search Users by Attribute
LDAP_SEARCHUSER_ATTR
When looking for a user through autocomplete, search on a specific parameter instead of user IDString
LDAP Server page size
LDAP_PAGE_SIZE
Page size of LDAP ServerString500
Cache User Count (hours)
LDAP_COUNT_CACHE_TTL
Locally cache the total number of users during X hours. Can be handy for huge directories.Integer1
Auth Driver Commons
Auto Create User
AUTOCREATE_AJXPUSER
When set to true, the user object is created automatically if the authentication succeed. Used by remote authentication systems.Booleanfalse
Login Redirect
LOGIN_REDIRECT
If set to a given URL, the login action will not trigger the display of login screen but redirect to this URL.String
Administrator Login
AJXP_ADMIN_LOGIN
For exotic auth drivers, an user ID that must be considered as admin by default.String
Auto apply role
AUTO_APPLY_ROLE
For multiple authentication, apply this role to users authenticated via this driverString