Configuring LDAP authentication for Microsoft Active Directory

To configure LDAP for MetalSoft, settings are required on both the MetalSoft side and the Identity Provider side to ensure that MetalSoft uses the correct attributes.

The following attributes need to be configured. The values shown are an example configuration using Microsoft Active Directory.

  1. LDAP URL: ldap://saml-test.ad.metalsoft.dev:389

  2. LDAP User Search Base: ou=adfsusers,dc=ad,dc=metalsoft,dc=dev

  3. LDAP User Search Filter: (userPrincipalName={{username}})

  4. LDAP Group Search Base: ou=adfsGroups,dc=ad,dc=metalsoft,dc=dev

  5. LDAP Group Search Filter: (member={{dn}})

  6. LDAP Bind DN: `cn=adfsadmin,ou=adfsusers,dc=ad,dc=metalsoft,dc=dev`

  7. LDAP Bind Credentials: (As set for adfsadmin)

  8. LDAP Allowed Domains: ad.metalsoft.dev

Users can now log in, but by default they are assigned the User role.

The default mappings (LDAP Group-MetalSoft role) are the following:

  • MS-Model_root - root

  • MS-Model_FullAdmin - full_admin

  • MS-Model_BasicAdmin - basic_admin

Thus, a user added to the group MS-Model_FullAdmin is mapped to the full_admin role in MetalSoft.
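
The sketch below is an added example, not MetalSoft code. It shows how the `{{username}}` and `{{dn}}` placeholders in the search filters above expand into LDAP filters, with RFC 4515 escaping so that a login name is always treated as a literal value, and how the groups found by the group search resolve to a role through the default mappings. The function names, the precedence between roles, the `user` fallback name and the way the allowed-domain check is applied are assumptions made for illustration.

```python
import re

# Values copied from the example configuration on this page.
USER_FILTER = "(userPrincipalName={{username}})"
GROUP_FILTER = "(member={{dn}})"
ALLOWED_DOMAINS = {"ad.metalsoft.dev"}
# Default group-to-role mappings from this page, highest privilege first.
# The precedence order and the "user" fallback name are assumptions.
ROLE_MAP = [("MS-Model_root", "root"),
            ("MS-Model_FullAdmin", "full_admin"),
            ("MS-Model_BasicAdmin", "basic_admin")]
DEFAULT_ROLE = "user"
_SPECIAL = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_filter_value(value):
    """Escape RFC 4515 special characters so input stays a literal value."""
    return "".join(_SPECIAL.get(ch, ch) for ch in value)

def render_filter(template, **values):
    """Substitute {{name}} placeholders with escaped values."""
    return re.sub(r"\{\{(\w+)\}\}",
                  lambda m: escape_filter_value(values[m.group(1)]), template)

def domain_allowed(username):
    """Assumed check: the UPN suffix must be one of the allowed domains."""
    _, sep, domain = username.rpartition("@")
    return bool(sep) and domain.lower() in ALLOWED_DOMAINS

def resolve_role(group_dns):
    """Map the group DNs returned by the group search to one role."""
    # Simplified DN handling: take the first RDN and expect it to be cn=...
    cns = {dn.split(",", 1)[0].partition("=")[2].strip().lower()
           for dn in group_dns}
    for group, role in ROLE_MAP:
        if group.lower() in cns:
            return role
    return DEFAULT_ROLE

if __name__ == "__main__":
    # Constructed sample user and group, not taken from a real directory.
    user_dn = "cn=Jane Doe (ops),ou=adfsusers,dc=ad,dc=metalsoft,dc=dev"
    groups = ["cn=MS-Model_FullAdmin,ou=adfsGroups,dc=ad,dc=metalsoft,dc=dev"]
    print(render_filter(USER_FILTER, username="jane@ad.metalsoft.dev"))
    print(render_filter(GROUP_FILTER, dn=user_dn))
    print(resolve_role(groups))
```
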