Configuring LDAP authentication for Microsoft Active Directory
To configure LDAP for MetalSoft, settings are required on both the MetalSoft side and the Identity Provider side to ensure that MetalSoft uses the correct attributes.
The following attributes need to be configured. The values shown are an example configuration using Microsoft Active Directory.
LDAP URL: ldap://saml-test.ad.metalsoft.dev:389
LDAP User Search Base: ou=adfsusers,dc=ad,dc=metalsoft,dc=dev
LDAP User Search Filter: (userPrincipalName={{username}})
LDAP Group Search Base: ou=adfsGroups,dc=ad,dc=metalsoft,dc=dev
LDAP Group Search Filter: (member={{dn}})
LDAP Bind DN: cn=adfsadmin,ou=adfsusers,dc=ad,dc=metalsoft,dc=dev
LDAP Bind Credentials: (As set for adfsadmin)
LDAP Allowed Domains: ad.metalsoft.dev
Now users can log in, but by default they will be assigned the User role.
The default mappings (LDAP Group-MetalSoft role) are the following:
MS-Model_root - root
MS-Model_FullAdmin - full_admin
MS-Model_BasicAdmin - basic_admin
Thus, a user added to the group MS-Model_FullAdmin will be mapped to the full_admin role in MetalSoft.
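The following added example (not MetalSoft code) shows how the search filters and the default group mappings above fit together at login, with the username and DN escaped per RFC 4515 before they are placed in a filter. It assumes the placeholders are substituted as text, that Allowed Domains is matched against the UPN suffix, and that the most privileged mapped group wins; the sample users are constructed.

```python
# Added example, not MetalSoft code. Assumptions: placeholders are substituted as
# text, Allowed Domains is matched against the UPN suffix, and the most privileged
# mapped group wins when a user is in several.
USER_FILTER = "(userPrincipalName={{username}})"
GROUP_FILTER = "(member={{dn}})"
ALLOWED_DOMAINS = {"ad.metalsoft.dev"}
# Default group -> role mappings from this page, most privileged first.
ROLE_MAP = [("MS-Model_root", "root"),
            ("MS-Model_FullAdmin", "full_admin"),
            ("MS-Model_BasicAdmin", "basic_admin")]
DEFAULT_ROLE = "User"


def escape_filter_value(value):
    """Escape RFC 4515 special characters so input stays a literal value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def user_filter(username):
    """Build the user search filter for a login name, rejecting other domains."""
    name, at, domain = username.rpartition("@")
    if not (name and at) or domain.lower() not in ALLOWED_DOMAINS:
        raise ValueError("username is not in an allowed domain")
    return USER_FILTER.replace("{{username}}", escape_filter_value(username))


def group_filter(user_dn):
    """Build the group search filter for the DN returned by the user search."""
    return GROUP_FILTER.replace("{{dn}}", escape_filter_value(user_dn))


def role_for(group_dns):
    """Map group DNs returned by the group search to one MetalSoft role."""
    # First RDN value of each DN; group names here contain no escaped commas.
    names = {dn.split(",", 1)[0].partition("=")[2].casefold() for dn in group_dns}
    for group, role in ROLE_MAP:
        if group.casefold() in names:
            return role
    return DEFAULT_ROLE


if __name__ == "__main__":
    base = "ou=adfsGroups,dc=ad,dc=metalsoft,dc=dev"
    print(user_filter("alice@ad.metalsoft.dev"))  # constructed user
    print(group_filter("cn=alice (ops),ou=adfsusers,dc=ad,dc=metalsoft,dc=dev"))
    print(role_for(["CN=MS-Model_FullAdmin," + base]))
    print(role_for(["CN=Domain Users," + base]))
```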