LDAP

Integrating with LDAP will allow you to synchronize users between Buddy and your server.

Getting started

Here's what you need before setting up the integration:

  • Server host and port
  • Whether the server supports SSL connections
  • DN and password of the person allowed to look up users on LDAP
  • LDAP subtree with user entries
  • Names of email and display name attributes

Testing connection

You can test the connection with your LDAP server by using the ldapsearch command:

$ ldapsearch -W -h localhost -D "cn=admin,dc=example,dc=org" -b "ou=users,dc=example,dc=org" "(objectClass=inetOrgPerson)" cn mail

This command will:

  • bind as the account with DN cn=admin,dc=example,dc=org (you will be prompted for its password)
  • search the subtree under ou=users,dc=example,dc=org
  • keep only entries matching (objectClass=inetOrgPerson)
  • display the cn and mail attributes

Example output:

# extended LDIF
#
# LDAPv3
# base <ou=users,dc=example,dc=org> with scope subtree
# filter: (objectClass=inetOrgPerson)
# requesting: cn mail
#
# Example User, users, example.org
dn: cn=Example User,ou=users,dc=example,dc=org
mail: example.user@buddy.works
cn: Example User
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1

Check the mail and cn field results. They will be used to sync LDAP accounts with Buddy.

Adding LDAP to Buddy

To configure LDAP integration:

  1. Log in to your Buddy Enterprise instance as admin
  2. Go to the admin settings and switch to the LDAP tab
  3. Enter integration details

Configuring integration

  1. First, provide the LDAP server hostname and port, and tick the SSL connection option if your server supports it.

The default LDAP port is 389.

LDAP IP configuration

  2. Then, add the login credentials for the user that has permission to look up users. You will need their fully qualified Distinguished Name (DN) and password:

LDAP login configuration

  3. In the next step, add the domain base DN of the LDAP subtree you want to search for user objects. You can also provide an optional filter:

LDAP user account search configuration

The filter field supports the syntax defined in RFC 4515.

You can use the filter to allow logging in only for users with a certain role (e.g. developer).

  4. Provide the names of the attributes that hold the user's email and display name:

LDAP user field mapping

  5. Restart your machine to apply the settings.
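As an added example (not Buddy's own code), the script below composes the filter for step 3 with RFC 4515 escaping, so a role value cannot widen what the filter matches, and checks ldapsearch output for the cn and mail attributes that step 4 maps; the role attribute name (title) and the sample LDIF are assumptions.

```python
# RFC 4515 section 3: hex-escape these inside a filter value, otherwise a
# crafted value (e.g. "*" or ")(") changes what the filter matches.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_filter_value(value: str) -> str:
    """Escape a literal value for use inside an LDAP search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def build_user_filter(object_class: str = "inetOrgPerson",
                      role_attr: str = "", role: str = "") -> str:
    """Filter for Buddy's optional filter field. With no role it equals the
    ldapsearch filter above; with one it ANDs a second clause so only users
    holding that role can log in. role_attr (title, memberOf, ...) is an
    assumption about where your directory stores roles."""
    clauses = [f"(objectClass={escape_filter_value(object_class)})"]
    if role_attr and role:
        clauses.append(f"({role_attr}={escape_filter_value(role)})")
    return clauses[0] if len(clauses) == 1 else "(&" + "".join(clauses) + ")"

def parse_ldif_entries(ldif: str) -> dict:
    """Map each DN in ldapsearch's LDIF output to its attribute dict."""
    entries, current = {}, None
    for line in ldif.splitlines():
        if not line:                       # a blank line ends the entry
            current = None
        elif not line.startswith("#"):     # skip ldapsearch comment lines
            key, _, val = line.partition(": ")
            if key == "dn":
                current = entries.setdefault(val, {})
            elif current is not None:
                current[key] = val
    return entries

def missing_sync_attributes(entries: dict, email_attr="mail", name_attr="cn") -> list:
    """DNs lacking the attributes Buddy maps to email and display name."""
    return [dn for dn, attrs in entries.items()
            if email_attr not in attrs or name_attr not in attrs]
# Constructed sample modelled on the ldapsearch output above, plus an entry
# with no mail attribute so the check has something to report.
SAMPLE_LDIF = """\
# extended LDIF
dn: cn=Example User,ou=users,dc=example,dc=org
mail: example.user@buddy.works
cn: Example User

dn: cn=No Mail,ou=users,dc=example,dc=org
cn: No Mail

result: 0 Success
"""
```

Run `missing_sync_attributes(parse_ldif_entries(SAMPLE_LDIF))` against your own ldapsearch output to spot accounts that will sync without a name or email.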

Testing configuration

After you restart your instance, go to the "People" tab in Buddy and choose "Invite users from LDAP". Check whether the name and email were synchronized as expected.

If the page takes too long to load, the Buddy instance probably cannot connect to the LDAP server.