LDAP
If your company supports LDAP Authentication, FOSSA can be configured to use your Directory for user login and provisioning, and to add users to Teams automatically.
Enterprise Feature
This feature is only available to customers on an Enterprise plan. Please contact [email protected] for more information.
To configure FOSSA for LDAP Authentication, there is some information you'll need to gather about how to connect to your corporate Directory, as well as information about how users and groups are defined.
Server Settings
Setting | Description |
---|---|
Server URL | The host name that your directory is reachable at. Examples: ldap.example.com, ad.example.com |
Server Port | The port on which your directory server is listening. Examples: 389, 636 (commonly used for SSL) |
Use SSL | Check this box if FOSSA should connect to your server using SSL. |
Bind Credentials
These are credentials that FOSSA will use to connect to your LDAP Directory. FOSSA will create a read-only connection in order to verify that the authenticating user exists, and (optionally) to determine which groups the user is part of.
Setting | Description |
---|---|
Distinguished Name | The distinguished name of the user that FOSSA will use to connect to your directory server. |
Secret | The password for the user specified above. |
User Schema Settings
Setting | Description |
---|---|
User Base Distinguished Name | The root distinguished name to use when running user search queries against your directory server. Examples: dc=example,dc=com; o=fossa-users,dc=example,dc=com |
User Search Filter | The filter to use when searching for users. This value must include {{username}}, which will be replaced with the username used to log in. Examples: (uid={{username}}); (&(objectCategory=Person)(uid={{username}})) |
User Email Attribute | The attribute field to use when loading the user's email. Example: |
User Name Attribute | The attribute field to use when loading the user's name. Examples: cn, displayName |
Group Schema Settings
Setting | Description |
---|---|
Manage Teams on LDAP | When enabled, FOSSA will create a Team for each group returned by your directory server and add the user to that team. If a user is removed from a group on your directory server, they will be removed from the FOSSA Team during their next login. |
Group Base Distinguished Name | The root distinguished name to use when running group search queries against your directory server. Examples: dc=example,dc=com; o=fossa-users,dc=example,dc=com |
Group Name Attribute | The attribute field to use when loading the group's name. Example: cn |
Group DN Attribute | The attribute from your user object to use when searching for a user's inclusion in a group. Example: dn |
Group Search Filter | The filter to use when searching for a user's groups. This value may include {{username}}, which will be replaced with the username used to log in, or {{dn}}, which will be replaced with the attribute from the user object specified above. Examples: (&(objectclass=group)(uniqueMember={{username}})); (&(objectclass=groupOfUniqueNames)(uniqueMember={{dn}})) |
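The placeholder rules for the User Search Filter and Group Search Filter can be checked offline before the values are entered. The Python below is an added example, not FOSSA's code: it verifies those rules and expands {{username}} and {{dn}} with RFC 4515 escaping so a login-supplied value stays a single literal. The function names and the settings-dict keys are assumptions made for this illustration.

```python
import re

# RFC 4515: characters that must be escaped inside an LDAP filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
_PLACEHOLDER = re.compile(r"\{\{(\w+)\}\}")

def escape_filter_value(value):
    """Make a login-supplied value literal text inside a filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def render_filter(template, **values):
    """Expand {{name}} placeholders with escaped values (KeyError if one is missing)."""
    return _PLACEHOLDER.sub(lambda m: escape_filter_value(values[m.group(1)]), template)

def check_settings(cfg):
    """Return a list of problems in a settings dict; the key names are assumptions."""
    problems = []
    if "{{username}}" not in cfg["user_search_filter"]:
        problems.append("user search filter must include {{username}}")
    for key in ("user_search_filter", "group_search_filter"):
        flt = cfg.get(key, "")
        if flt and (not flt.startswith("(") or flt.count("(") != flt.count(")")):
            problems.append(key + ": parentheses are missing or unbalanced")
    extra = set(_PLACEHOLDER.findall(cfg.get("group_search_filter", ""))) - {"username", "dn"}
    if extra:
        problems.append("group search filter: unsupported placeholder " + ", ".join(sorted(extra)))
    if not cfg.get("use_ssl"):
        problems.append("Use SSL is unchecked: bind secret is not protected by SSL")
    return problems

# Constructed sample settings, using the example values from the tables above.
SAMPLE = {
    "use_ssl": True,
    "user_search_filter": "(&(objectCategory=Person)(uid={{username}}))",
    "group_search_filter": "(&(objectclass=groupOfUniqueNames)(uniqueMember={{dn}}))",
}

if __name__ == "__main__":
    print(check_settings(SAMPLE))
    print(render_filter(SAMPLE["user_search_filter"], username="alice"))
    # Constructed login name containing filter metacharacters: stays one literal value.
    print(render_filter(SAMPLE["user_search_filter"], username="al*ce)(x"))
    print(render_filter(SAMPLE["group_search_filter"], dn="uid=alice,dc=example,dc=com"))
```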
Testing your LDAP Configuration
Once you have filled out all the necessary configuration options for your LDAP Directory, you can test FOSSA's connection and verify the information that is returned by clicking the "Test Connection" button. This test will simulate a user logging into FOSSA, and will show you the information that is returned from your server.
Updated about 1 year ago