LDAP

xltrail allows central user management via LDAP services such as OpenLDAP or Microsoft's Active Directory.

NOTE:
  • After changing the config file, you need to run xltrail restart to apply the changes.
  • LDAP is only available with the Enterprise plan.

Start by adding the following setting to the config file (/etc/xltrail/xltrail.conf) to switch from the app's internal user management to LDAP:

AUTH_PROVIDER=ldap

Then configure LDAP via the following settings:

LDAP_URL (required)

LDAP server URL.

Example:

LDAP_URL=ldap[s]://ldap.mycompany.com:port

LDAP_BIND_DN (required)

LDAP user with search privileges in the form of a distinguished name (DN). With Active Directory, you can also use the domain\username syntax.

Examples:

LDAP_BIND_DN=cn=myuser,dc=domain,dc=com
LDAP_BIND_DN=mydomain\myuser

LDAP_BIND_PASSWORD (required)

The password for LDAP_BIND_DN.

Example:

LDAP_BIND_PASSWORD=mypassword

LDAP_BASE_DN (required)

The fully qualified DN of an LDAP subtree you want to search for users and groups.

Example:

LDAP_BASE_DN=ou=Users,dc=mycompany,dc=com

LDAP_USER_DN (required)

The fully qualified DN of the user you need to authenticate when verifying a login. Use {userid} as the placeholder for the user.

Examples:

LDAP_USER_DN=uid={userid},ou=Users,dc=mycompany,dc=com
LDAP_USER_DN=mydomain\{userid}

LDAP_USER_FILTER (required)

LDAP search filter for regular xltrail users.

Examples:

LDAP_USER_FILTER=(sAMAccountName={userid})
LDAP_USER_FILTER=(&(userid={userid})(memberOf=cn=xltrail-user,ou=Users,dc=mycompany,dc=com))

LDAP_ADMIN_FILTER (required)

LDAP search filter for xltrail admins. Admins have access to settings where they can delete projects, for example.

Examples:

LDAP_ADMIN_FILTER=(sAMAccountName={userid})
LDAP_ADMIN_FILTER=(&(userid={userid})(memberOf=cn=xltrail-admin,ou=Users,dc=mycompany,dc=com))

LDAP_USER_EMAIL_ATTRIBUTE (required)

Email attribute for user object.

Example:

LDAP_USER_EMAIL_ATTRIBUTE=mail

LDAP_USER_DISPLAYNAME_ATTRIBUTE (required)

Display name attribute for user object.

Examples:

LDAP_USER_DISPLAYNAME_ATTRIBUTE=displayName
LDAP_USER_DISPLAYNAME_ATTRIBUTE=cn

A full example

AUTH_PROVIDER=ldap
LDAP_URL=ldaps://ldap.mycompany.com:636
LDAP_BIND_DN=uid=xltrail,ou=Users,dc=mycompany,dc=com
LDAP_BIND_PASSWORD=mypassword
LDAP_BASE_DN=ou=Users,dc=mycompany,dc=com
LDAP_USER_DN=uid={userid},ou=Users,dc=mycompany,dc=com
LDAP_USER_EMAIL_ATTRIBUTE=mail
LDAP_USER_DISPLAYNAME_ATTRIBUTE=cn
LDAP_USER_FILTER=(&(userid={userid})(memberOf=cn=xltrail-user,ou=Users,dc=mycompany,dc=com))
LDAP_ADMIN_FILTER=(&(userid={userid})(memberOf=cn=xltrail-admin,ou=Users,dc=mycompany,dc=com))
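
The following pre-restart linter is an added example, not part of xltrail or its documentation. It reads a config in the KEY=VALUE format shown above and flags a missing required setting, an ldap:// URL where ldaps:// is available, a missing {userid} placeholder, mismatched filter parentheses, and an admin filter identical to the user filter. The function names, the choice of checks, and the sample config are this example's own assumptions.

```python
REQUIRED = (
    "LDAP_URL", "LDAP_BIND_DN", "LDAP_BIND_PASSWORD", "LDAP_BASE_DN",
    "LDAP_USER_DN", "LDAP_USER_FILTER", "LDAP_ADMIN_FILTER",
    "LDAP_USER_EMAIL_ATTRIBUTE", "LDAP_USER_DISPLAYNAME_ATTRIBUTE",
)
FILTERS = ("LDAP_USER_FILTER", "LDAP_ADMIN_FILTER")
NEEDS_USERID = ("LDAP_USER_DN",) + FILTERS

# Constructed sample: plain ldap://, identical user/admin filters, one setting missing.
SAMPLE = """\
AUTH_PROVIDER=ldap
LDAP_URL=ldap://ldap.mycompany.com:389
LDAP_BIND_DN=uid=xltrail,ou=Users,dc=mycompany,dc=com
LDAP_BIND_PASSWORD=mypassword
LDAP_BASE_DN=ou=Users,dc=mycompany,dc=com
LDAP_USER_DN=uid={userid},ou=Users,dc=mycompany,dc=com
LDAP_USER_EMAIL_ATTRIBUTE=mail
LDAP_USER_FILTER=(sAMAccountName={userid})
LDAP_ADMIN_FILTER=(sAMAccountName={userid})
"""

def parse_conf(text):
    """Parse KEY=VALUE lines, splitting on the first '=' only (DNs and filters contain '=')."""
    conf = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            conf[key.strip()] = value.strip()
    return conf

def lint(text):
    """Return a list of findings; the checks are this example's own, not xltrail's."""
    conf = parse_conf(text)
    findings = [f"{k} is required but missing or empty" for k in REQUIRED if not conf.get(k)]
    if conf.get("LDAP_URL", "").lower().startswith("ldap://"):
        findings.append("LDAP_URL uses ldap:// instead of ldaps://")
    findings += [f"{k} has no {{userid}} placeholder"
                 for k in NEEDS_USERID if k in conf and "{userid}" not in conf[k]]
    # A paren-count mismatch catches truncated or mis-pasted filters.
    findings += [f"{k} has unbalanced parentheses"
                 for k in FILTERS if k in conf and conf[k].count("(") != conf[k].count(")")]
    if conf.get("LDAP_ADMIN_FILTER") and conf["LDAP_ADMIN_FILTER"] == conf.get("LDAP_USER_FILTER"):
        findings.append("LDAP_ADMIN_FILTER equals LDAP_USER_FILTER: both match the same entries")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print("WARN", finding)
```

Run it against a copy of /etc/xltrail/xltrail.conf before xltrail restart; an empty result means none of these checks fired, not that the directory itself is configured correctly.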
