LDAP: How to set up authentication

If you would like your Room Booking System users to gain access via the login details they have in Active Directory this article shows you how to configure this using LDAP Authentication.

Why set up LDAP Authentication?

Setting up LDAP authentication means staff can login to the Room Booking System with their existing username and password from AD meaning there is no need to import and maintain a list of staff login details. 

Firewall Rules

To enable us to access your LDAP Server and authenticate your users please configure your firewall to allow communication with your Domain Controller from the following IP Addresses via Port 389 (for LDAP) or 636 (for LDAPS): 

109.108.139.77
109.108.139.142
109.108.139.143

Setting Up LDAP Authentication

From the Administrator Homepage go to System Settings > LDAP Authentication and complete all fields with your details.
Server Name - This section should be completed with your organisation's public facing IP address

e.g. 210.232.115.79:389, ldaps://mail.mydomain.com:636

Base DN  - Enter the Base DN from your Active Directory.
This should be the point from where a server will start the search for users

e.g. ou=People,dc=example,dc=com.

The easiest way to check this information is to bring up the properties field in Active Directory.

Domain - Enter your domain details

e.g.domain, domain.local, domain.co.uk

User Attribute - Enter the attribute format that is being used for the search.

e.g. UID or sAMAccountName.

Search Filter - Optional. This field can be used if you want to search on multiple criteria, or search on users that are members of a specific group. This field can be left blank if you are happy to leave this as the Base DN already entered above. If you decide to use this, always use the "&({userfield}={username})" part of the query. This makes sure that the LDAP query only returns users with a username matching the one entered on the login page.

You can use the search filter to check an attribute or that the user signing in is a member of a specific group:
(&({userfield}={username})(description=staff))

This filter will allow any users who have a description of "staff" or an email assigned to them:
(&({userfield}={username})(|(description=staff)(email=*)))

This filter searches for users in a specific group inside the BaseDN. This is handy when you want only a few specific groups to be able to log in: 
(&({userfield}={username})(memberof=CN=YourGroup,OU=Users,DC=YourDomain,DC=com))

The field uses LDAP query syntax and, therefore, you can use the following guide to get some more information on what you can do with the field:

https://docs.microsoft.com/en-us/windows/desktop/adsi/search-filter-syntax.

Test Set Up

You can now test the LDAP settings to ensure the details are correct and that the system can connect to your server.

  1.  Under Test LDAP Settings enter a Username and Password for a user that should now have access under your search criteria and click on Test Authentication.
  2. A box will now appear with the results of your test:

    If the connection is successful your user will now be able to access the system. When you're ready, you can turn on the authentication method for all users. You can find out how in the next section.

    If the connection failed please check your set up and adjust where required. If you need further assistance please  contact us.

Enabling the set up

If you have tested the setup to work then it should be fine to enable it. If you don't have any users on the system at the moment, we recommend turning on the Automatically Create New Users option.

If you have users on the system at the moment, we will need to change them over to work with the new authentication method. If the usernames are different in LDAP, we'll need to switch the usernames to the new format while we do this. Please save the LDAP settings then get in touch with us via email on support@roombookingsystem.co.uk and let us know that you'd like to set your user accounts to be compatible with LDAP. If you need to set the usernames, let us know the pattern you would like to apply to the usernames and we'll do that. While we switch the users over to be LDAP compatible, those who aren't compatible or who don't have matching usernames

Can I View the User Accounts on the Room Booking System?

Once you have set up your LDAP Authentication all the users under your search criteria will have access to the system.

When a user logs into the Room Booking System for the first time their user account will be created on the Room Booking System. If the user has not logged in they will not appear on the Room Booking System - unless an account has been previously manually set up or imported.

It is possible to 'pre-populate' the users on your Room Booking System, please  contact us for more information.   

Once the accounts are created you can then go ahead and set up User Permissions if required. See  How do I set up user permissions? for more details.


.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us