LDAP and Active Directory Authentication
SyncNow provides robust support for multiple LDAP and Active Directory (AD) connections, allowing seamless integration with your organization's directory services for user authentication. This ensures that user credentials are verified against existing directories before checking SyncNow's internal user database.
🌐 Multiple Directory Connections
- Multi-Domain Support:
SyncNow can connect to multiple Active Directory or LDAP servers, enabling authentication across different domains and directories. - Login Flow:
When a user attempts to log in, SyncNow checks each configured directory connection in order. If the user is not found in any directory, the system checks the internal users' database.
⚙️ Enabling LDAP and Active Directory Authentication
To enable LDAP or Active Directory authentication:
-
Navigate to Authentication Providers
Go to the Authentication Providers page in SyncNow.
-
Enable LDAP/Active Directory Authentication
Toggle the switch to enable LDAP or Active Directory authentication. -
Add a New Directory Connection
Click the Add Connection button to configure a new directory connection.
📝 Configuring a Directory Connection
Each LDAP/AD connection requires the following details:
-
Connection Name
- Unique name for the directory connection (e.g., "Corporate AD Server").
-
Host/IP Address
- Hostname or IP address of the domain controller (e.g.,
ad.example.comor192.168.1.1).
- Hostname or IP address of the domain controller (e.g.,
-
Username and Password
- Credentials with permission to search for user objects (e.g.,
admin@example.com).
- Credentials with permission to search for user objects (e.g.,
-
Search Scope
- Scope for searching user objects:
- One Level: Immediate children of the search base
- Subtree: Entire subtree
- Scope for searching user objects:
-
Search Base
- Base distinguished name (DN) for the search (e.g.,
OU=Users,OU=IT,DC=Example,DC=com). - You can add multiple search bases if needed.
- Base distinguished name (DN) for the search (e.g.,
-
Search Filter
- LDAP filter to refine search results (e.g.,
(objectClass=person)).
- LDAP filter to refine search results (e.g.,
-
Search Attribute
- Directory attribute used to match the username (e.g.,
userPrincipalName).
- Directory attribute used to match the username (e.g.,
🛠️ Managing Directory Connections
You can manage each configured connection from the Authentication Providers page:
-
Enable/Disable a Connection:
Use the toggle switch to enable or disable a connection without deleting it. -
Edit a Connection:
Click Edit to update connection details as needed. -
Delete a Connection:
Click Delete to remove a directory connection.Note: This action is irreversible.
Tip:
Use multiple directory connections to support complex enterprise environments with several domains or organizational units.