Skip to main content

Connect to LDAP

Overview

Connect your AD users to AdminX with a direct LDAP connection. Once connected, you can view, add, and remove your AD users through the AdminX panel.

Connect to LDAP via Direct Connection

Add a New Directory

To get started, navigate to your AdminX dashboard and log in as a tenant or community administrator. Once you are logged in, navigate to the Directory Integrations page by clicking the link on the left-hand menu.

Click Add new directory

Select LDAP Direct Connection

Connection Information

Under Connect to a directory, enter the following information:

  • Directory type: select LDAP
  • Directory name: enter a name to use for this connection

Under Connection Information, enter the connection details for your Active Directory domain:

  • Server protocol type: select LDAP, or LDAPS
  • Server URL: LDAP server URL
  • Server Port: LDAP server port
  • Base Domain: LDAP base domain

Under Service Account Information, enter the details for your LDAP service account:

  • Service account username: LDAP service account username
  • Service account password: LDAP service account password
  • Service account read-only: enable this if you only wish to read from this directory (cannot create new users)
  • Authentication method: select SIMPLE
  • Filter: Enter a directory term to filter for, such as user
  • LDAP Query Filter (optional): Enter LDAP query to filter for (see below for more details)

Click Connect to save your settings and enable the directory.

LDAP Query Filter

LDAP query filters are regular expression used to filter only the desired directory parameters and discard any others.

Administrators can user LDAP directory queries to filter which users can authenticate to BlockID and log in. This is useful if you only wish to allow user accounts that are marked as active to log in to your tenant. This field is optional and can be left blank.

Example LDAP Query Filter: (&(objectClass=User)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(!(lockoutTime>=1)))

Attributes Mapping

Next, we have to set our Attributes Mapping for the broker to interact with the AD Directory.

Click on the Attributes mapping tab and select Add new mapping.

Add each Directory attribute and the corresponding BlockID attribute from the table below:

Directory AttributesBlockIDAttributes
uiduid
uidusername
mobilephone
mailemail
givennamefirstname
snlastname

Here is an example of how to add the uid attribute:

  1. Click Add attribute mapping
  2. Enter uid in the Directory attribute box
  3. Select uid from the BlockID attribute drop-down menu
  4. Click Create

Repeat this process for each of the Directory Attributes in the table above.