LDAP user authentication

LDAP user authentication#

This method connects to an LDAP server to verify users. Authentication is performed using the HTML login form on the Bacularis login page.

Security#

It is strongly recommended to use an encrypted connection to the LDAP server. In the Bacularis LDAP authentication settings you can configure encryption between Bacularis and the LDAP server using:

  • StartTLS

  • LDAPS

Multi-factor authentication (MFA)#

There are supported the following Bacularis MFA methods:

  • TOTP 2FA – Time-based one-time passwords (e.g., Google Authenticator)

  • FIDO U2F – Hardware security keys (e.g., YubiKey)

Organization support#

LDAP users can belong to organizations or exist independently.

The username (login) must be unique in all organizations with LDAP users and for users without organization. LDAP users share the same namespace. This means that there is not possible to have the same LDAP user name in two different organizations. You can see it on the image below.

../../_images/bacularis_authentication_ldap_auth_method_organization.png

User provisioning#

Fully supported. LDAP users can be automatically created and managed through provisioning.

Settings form#

You can enable LDAP authentication from:

[Main menu] => [Page: Security] => [Tab: Authentication] => [SubTab: Auth methods]

An example of the LDAP login form is shown below:

../../_images/bacularis_authentication_ldap_auth_method.png

Video guide#

Watch this tutorial for a step-by-step guide on configuring LDAP authentication: