LDAP user authentication#

This auth method connects to the LDAP server to verify users. This method uses an HTML form on the login page to authenticate.

Security#

It is recommended to use an encrypted connection between Bacularis and the LDAP server. In the LDAP authentication settings, there are encryption options (StartTLS and LDAPS) to configure.

Multi-factor authentication#

There are supported the following Bacularis MFA methods:

TOTP 2FA - this is time-based one time password method.

FIDO U2F - this is method that uses the hardware U2F security keys.

Organization support#

LDAP users can belong to organizations or not.

The username (login) has to be unique in all organizations with LDAP users and for users without organization. LDAP users share the same namespace. This means that there is not possible to have the same LDAP user name in two different organizations. You can see it on the image below.

../../_images/bacularis_authentication_ldap_auth_method_organization.png

User provisioning#

This method fully supports the user provisioning.

Settings form#

The LDAP user auth method you can enable on this page:

[Main menu] => [Page: Security] => [Tab: Authentication] => [SubTab: Auth methods]

Here you can see the LDAP authentication form:

../../_images/bacularis_authentication_ldap_auth_method.png

Video guide#

Here is a guide showing how to configure the LDAP authentication:

LDAP user authentication

Contents