Setting Up LDAP Authentication

bipp supports Lightweight Directory Access Protocol (LDAP) for user authentication. LDAP is set up once for your organization. Once enabled, LDAP authentication is added to the bipp login page to authenticate your users.

You must have the Tenant Admin role to configure LDAP for your organization.

LDAP authentication in bipp:

  • Configuring LDAP for an organization on the bipp platform enables LDAP authentication.
  • bipp supports simple authentication with name/password credentials. Anonymous authentication is not supported.
  • LDAP user accounts must have read privileges for the user entries and group entries where the user is a member.
  • bipp connects to the LDAP server in read-only mode; no LDAP directory writes are attempted, even if the user account has write privileges.

To configure LDAP

  1. Enable Development Mode.
  2. Click Settings in the Navigation pane.
  3. Click LDAP.

LDAP Configuration

  1. Enter your LDAP server information:
    Host: name or IP address of your LDAP server.
    Port: server port for LDAP. For example, 3269.
    Base DN: Base Distinguished Name of your LDAP directory. This is the starting point to search for the user’s credentials within your directory. For example: dc=companyname,dc=com.
    Bind Key: bind method. Select UID to use the user ID, or Mail to use the email address.
    Use SSL: select Yes or No to enable Secure Sockets Layer (SSL). bipp recommends that you use SSL. The SSL fields are:
    Skip Insecure Verification: select Yes to skip certificate verification or No to keep it. bipp recommends selecting No.
    Client Certificate: enter the client certificate details.
    Client Private Key: enter the client private key.
    Root CA Certificates: enter your certificate. If you have multiple certificates, click + Add more.
    User Filter: authentication search criteria for user logins. For example, (mail=%s) searches by email.
    Group Filter: authentication search criteria based on group membership. For example: (&(objectCategory=Group)(member=%s))
    Group Search Key: search criteria to retrieve the LDAP groups. For example: distinguishedName.
  2. Click Enable.
Search filters are based on the organization’s LDAP server configuration. Any deviation can result in LDAP configuration malfunction and LDAP authentication failure. Use tools such as ldapsearch or Apache Directory Studio to test your LDAP search settings.
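
An added example (not bipp's code) for testing the User Filter and Group Filter above with ldapsearch: it substitutes a test value for %s and escapes filter metacharacters per RFC 4515, so a DN that contains parentheses or a backslash still matches. The host, bind DN, CA file path and user values are constructed, and passing the user's DN as the Group Filter value is an assumption based on the member=%s example.

```shell
#!/bin/sh
# Added example, not bipp code. All values below are constructed.
HOST=ldap.companyname.com PORT=3269 BASE_DN='dc=companyname,dc=com'
BIND_DN='uid=svc-test,ou=people,dc=companyname,dc=com'  # hypothetical test account
CA_FILE=/etc/ssl/certs/company-root-ca.pem              # hypothetical CA bundle path

# Escape a value for use inside an LDAP search filter (RFC 4515).
# Backslash is handled first so later escapes are not escaped twice.
# (NUL cannot appear in a shell argument, so it is not handled here.)
ldap_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                         -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Replace the first %s in a filter template ($1) with the escaped value ($2).
render_filter() {
  esc=$(ldap_escape "$2")
  case $1 in
    *%s*) printf '%s%s%s' "${1%%%s*}" "$esc" "${1#*%s}" ;;
    *)    printf '%s' "$1" ;;
  esac
}

# Run one search over LDAPS with certificate verification enforced.
# DRY_RUN=1 (the default) only prints the rendered filter; DRY_RUN=0 queries.
search() {  # $1 = filter template, $2 = value, remaining args = attributes
  filter=$(render_filter "$1" "$2"); shift 2
  if [ "${DRY_RUN:-1}" = 1 ]; then
    printf 'would search %s with filter: %s\n' "$BASE_DN" "$filter"
  else
    LDAPTLS_REQCERT=demand LDAPTLS_CACERT=$CA_FILE \
      ldapsearch -x -H "ldaps://$HOST:$PORT" -D "$BIND_DN" -W \
                 -b "$BASE_DN" -LLL "$filter" "$@"
  fi
}

# User Filter: look up the entry by email and return its DN.
search '(mail=%s)' 'jane.doe@companyname.com' distinguishedName
# Group Filter: list groups whose member attribute holds that DN.
search '(&(objectCategory=Group)(member=%s))' \
       'CN=Doe\, Jane (Ops),OU=Staff,DC=companyname,DC=com' distinguishedName
```

With DRY_RUN=0 the script prompts for the bind password (-W) and fails the TLS handshake if the server certificate does not chain to CA_FILE.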

Logging in to bipp with LDAP Authentication

After LDAP Authentication is enabled, users see a different bipp login screen.
bipp attempts to bind to the LDAP instance with the user credentials. If authenticated, the user is logged into bipp.

If you choose to disable LDAP Authentication after you have added your users to bipp, ensure you have an alternate authentication mode such as Google or SSO. Disabling LDAP without an alternate login method can lock users out of bipp.