If your company supports LDAP Authentication, FOSSA can be configured to use your Directory for user login and provisioning, as well as automatically adding users to Teams.

Enterprise Feature

This feature is only available to customers on an Enterprise plan. Please contact [email protected] for more information.

To configure FOSSA for LDAP Authentication, there is some information you'll need to gather about how to connect to your corporate Directory, as well as information about how users and groups are defined.

Server Settings

Server URL: The host name that your directory is reachable at. Examples:
- ldap.example.com
- ad.example.com

Server Port: The port on which your directory server is listening. Examples:
- 389
- 636 (commonly used for SSL)

Use SSL: Check this box if FOSSA should connect to your server using SSL.

Bind Credentials

These are credentials that FOSSA will use to connect to your LDAP Directory. FOSSA will create a read-only connection in order to verify that the authenticating user exists, and (optionally) to determine which groups the user is part of.

Distinguished Name: The distinguished name of the user that FOSSA will use to connect to your directory server.

Secret: The password for the user specified above.

User Schema Settings

User Base Distinguished Name: The root distinguished name to use when running user search queries against your directory server. Examples:
- dc=example,dc=com
- o=fossa-users,dc=example,dc=com

User Search Filter: The filter to use when searching for users. This value must include {{username}}, which will be replaced with the username used to log in. Examples:
- (uid={{username}})
- (&(objectCategory=Person)(uid={{username}}))

User Email Attribute: The attribute field to use when loading the user's email. Example:
- mail

User Name Attribute: The attribute field to use when loading the user's name. Examples:
- cn
- displayName

Group Schema Settings

Manage Teams on LDAP: When enabled, FOSSA will create a Team for each group returned by your directory server and add the user to that team. If a user is removed from a group on your directory server, they will be removed from the FOSSA Team during their next login.

Group Base Distinguished Name: The root distinguished name to use when running group search queries against your directory server. Examples:
- dc=example,dc=com
- o=fossa-users,dc=example,dc=com

Group Name Attribute: The attribute field to use when loading the group's name. Example:
- cn

Group DN Attribute: The attribute from your user object to use when searching for a user's inclusion in a group. Example:
- dn

Group Search Filter: The filter to use when searching for a user's groups. This value may include {{username}}, which will be replaced with the username used to log in, or {{dn}}, which will be replaced with the attribute from the user object specified above. Examples:
- (&(objectclass=group)(uniqueMember={{username}}))
- (&(objectclass=groupOfUniqueNames)(uniqueMember={{dn}}))

Testing your LDAP Configuration

Once you have filled out all the necessary configuration options for your LDAP Directory, you can test FOSSA's connection and verify the information that is returned by clicking the "Test Connection" button. This test will simulate a user logging into FOSSA, and will show you the information that is returned from your server.
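
Before entering the User and Group Search Filters, it can help to check the templates offline and render them for a sample user, so the resulting filter can be run by hand against the directory. The following is an added example, not FOSSA's code: the function names are hypothetical, and the RFC 4515 escaping of substituted values is an assumption of this sketch, not a description of how FOSSA performs the substitution.

```python
import re

# RFC 4515 section 3: these characters must be written as \XX inside an
# assertion value. Backslash is in the same table, so one pass handles it.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
_PLACEHOLDER = re.compile(r"\{\{(\w+)\}\}")


def escape_value(value):
    """Escape a literal so it cannot change the structure of a filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def check_template(template, required=("username",)):
    """Return a list of problems found in a filter template (empty = OK)."""
    problems = []
    found = set(_PLACEHOLDER.findall(template))
    for name in required:
        if name not in found:
            problems.append("missing {{%s}}" % name)
    for name in sorted(found - {"username", "dn"}):
        problems.append("unknown placeholder {{%s}}" % name)
    depth = 0
    for ch in _PLACEHOLDER.sub("", template):
        depth += (ch == "(") - (ch == ")")
        if depth < 0:  # a ')' appeared before its '('
            break
    if depth != 0:
        problems.append("unbalanced parentheses")
    return problems


def render(template, **values):
    """Substitute each placeholder with its escaped value."""
    return _PLACEHOLDER.sub(lambda m: escape_value(values[m.group(1)]), template)


# Filter examples from this page; the user values below are constructed.
USER_FILTER = "(&(objectCategory=Person)(uid={{username}}))"
GROUP_FILTER = "(&(objectclass=groupOfUniqueNames)(uniqueMember={{dn}}))"

if __name__ == "__main__":
    print(check_template(USER_FILTER))
    print(check_template(GROUP_FILTER, required=()))
    print(render(USER_FILTER, username="j.doe"))
    print(render(GROUP_FILTER, dn="uid=j.doe,o=fossa-users,dc=example,dc=com"))
```

The group filter is checked with `required=()` because the page says it may, rather than must, include a placeholder.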