
Configuring LDAP Mapping

Lucidum supports LDAP roles. To use LDAP roles, you must first map LDAP roles to local Lucidum roles.

For example, we could map the LDAP role “DEVELOPER” to the Lucidum role “IT_Operation”. All LDAP users with the “DEVELOPER” role then automatically inherit the “IT_Operation” role in Lucidum.

To map LDAP roles to Lucidum, you must:

  • Define LDAP settings in Settings > System Settings > General > LDAP Settings

  • Map LDAP roles to Lucidum roles in Settings > User Management > LDAP Mapping

Defining LDAP Settings in Lucidum

To define the LDAP Settings in Lucidum:

  1. Navigate to Settings > System Settings > General. Expand the LDAP Settings panel.

  2. In the LDAP Settings panel, enter values for the following. Each setting is listed with its description and an example value:

    LDAP URL
    Description: URL of your LDAP server, including the port number. Prefer ldaps:// (TLS, usually port 636) over plain ldap:// on port 389, because with plain ldap:// the manager credentials and every user's password are sent to the directory in clear text.
    Example: ldap://192.168.1.211:389

    LDAP Base DN
    Description: Where in the LDAP hierarchy to start searching for user information. If you are unsure, specify the root of the directory tree, for example dc=ad,dc=lucidum,dc=com.
    Example: dc=lucidum,dc=com

    LDAP User DN Patterns
    Description: Pattern for the DN of all users. At runtime, {0} is replaced with the username entered at login, and the resulting relative DN is appended to the LDAP Base DN to form the full user DN. With the example values, a user named alice resolves to uid=alice,ou=people,dc=lucidum,dc=com.
    Example: uid={0},ou=people

    LDAP Group DN Patterns
    Description: Pattern for the DN of all groups. At runtime, the group DN is built by appending the LDAP Base DN to this pattern (with the example values: ou=groups,dc=lucidum,dc=com).
    Example: ou=groups

    LDAP Manager User
    Description: DN of the account Lucidum binds with when it searches the directory for users and groups (the bind DN). Use a dedicated service account with read-only access to the user and group subtrees; it does not need rights to modify other accounts.
    Example: cn=manager,ou=people,dc=lucidum,dc=com

    LDAP Manager Password
    Description: Password for the manager account.
    Example: ILoveLDAP1!

    LDAP Password Attribute
    Description: Attribute that holds the user's (hashed) password in the directory.
    Example: userPassword

  3. Click Update to save the LDAP settings.

Mapping LDAP Roles to Lucidum Roles

Before you can map LDAP roles to Lucidum roles, you must first retrieve and examine the list of LDAP roles in your LDAP implementation.

Depending on your LDAP implementation, you can assign roles to users via groups, explicitly per user, or by dynamic group. How you assign roles to users determines how to search for the list of roles in your LDAP implementation.

There are multiple open source tools for searching and filtering LDAP. For example, ldapsearch (https://docs.ldap.com/ldap-sdk/docs/tool-usages/ldapsearch.html). Run the search with the same manager account and base DN you entered in the LDAP Settings, so that you also confirm that the bind works and that the account can read the group subtree.

After you examine the list of LDAP roles, you can map LDAP roles to Lucidum roles. To do this:

  1. Navigate to Settings > User Management > LDAP Mapping.

  2. Click Create LDAP Role Mapping.

  3. In the New LDAP Role Mapping modal page, you can define a mapping between a single LDAP role and one or more Lucidum roles.

  4. In the New LDAP Role Mapping modal page, enter the following:

    • LDAP Role. Enter the name of the LDAP role. The role name must exactly match the role name in LDAP. Users with the specified LDAP role (either explicitly assigned, assigned by group, or assigned by dynamic group) automatically inherit the mapped Lucidum role upon logging in to Lucidum.

    • Local Roles. Map one or more Lucidum roles to an LDAP role.

      • To assign a Lucidum role, click on its checkbox in the Available list and click the > arrow to move the role to the Selected list.

      • To remove a Lucidum role, click on its checkbox in the Selected list and click the < arrow to move the role to the Available list.

  5. Click Confirm to save the mapping.

  6. Repeat steps 2-5 for each LDAP role you want to map to one or more Lucidum roles.
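The following is an added worked example, not Lucidum code or part of the original page. It ties the two procedures above together: it composes the user DN and group search base from the LDAP Settings example values (Base DN plus the {0} pattern), prints the OpenLDAP ldapsearch command you would run with the manager account to list the groups a user belongs to (the page links a different ldapsearch; the flags here are OpenLDAP's, which is an assumption), parses the LDIF that such a search returns, and applies an LDAP-role-to-Lucidum-role mapping. The ldaps:// URL, the full manager DN, the group names SECURITY and FINANCE, the Lucidum role Admin, the sample LDIF and the role-mapping table are all constructed for the example. It also escapes the username before substituting it into the DN pattern, which the page does not describe; that is a safeguard of the example, not documented Lucidum behaviour.

```python
"""Added example (not Lucidum code): DN composition, role retrieval and role mapping."""
import re
import shlex

# Values from the LDAP Settings examples on the page, except the URL (assumed ldaps://)
# and the manager DN (assumed to sit under the Base DN).
LDAP_SETTINGS = {
    "url": "ldaps://192.168.1.211:636",
    "base_dn": "dc=lucidum,dc=com",
    "user_dn_pattern": "uid={0},ou=people",
    "group_dn_pattern": "ou=groups",
    "manager_dn": "cn=manager,ou=people,dc=lucidum,dc=com",
}

# Hypothetical mapping table, as it would be entered under LDAP Mapping.
# DEVELOPER -> IT_Operation comes from the page; SECURITY and Admin are assumptions.
ROLE_MAPPING = {
    "DEVELOPER": ["IT_Operation"],
    "SECURITY": ["Admin", "IT_Operation"],
}


def escape_dn_value(value: str) -> str:
    """RFC 4514 escaping for a value inside a DN, so a username such as
    'bob,ou=admins' cannot alter the DN that {0} is substituted into."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in '\\,+"<>;=' or (ch == "#" and i == 0) or (ch == " " and i in (0, last)):
            out.append("\\" + ch)
        elif ord(ch) < 32:
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def user_dn(username: str) -> str:
    """User DN = User DN Pattern with {0} replaced, then the Base DN appended."""
    rel = LDAP_SETTINGS["user_dn_pattern"].replace("{0}", escape_dn_value(username))
    return f"{rel},{LDAP_SETTINGS['base_dn']}"


def group_search_base() -> str:
    """Group DN = Group DN Pattern with the Base DN appended."""
    return f"{LDAP_SETTINGS['group_dn_pattern']},{LDAP_SETTINGS['base_dn']}"


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping for a value placed inside a search filter."""
    return (value.replace("\\", "\\5c").replace("*", "\\2a")
                 .replace("(", "\\28").replace(")", "\\29").replace("\0", "\\00"))


def ldapsearch_command(username: str) -> str:
    """OpenLDAP ldapsearch invocation that lists the cn of every group whose member
    attribute names the user's DN.  -W prompts for the manager password instead of
    exposing it on the command line / in shell history."""
    filt = f"(&(objectClass=groupOfNames)(member={escape_filter_value(user_dn(username))}))"
    args = ["ldapsearch", "-LLL", "-H", LDAP_SETTINGS["url"],
            "-D", LDAP_SETTINGS["manager_dn"], "-W",
            "-b", group_search_base(), "-s", "one", filt, "cn"]
    return " ".join(shlex.quote(a) for a in args)


# Constructed sample of what the search above returns (-LLL output, one entry per group).
SAMPLE_LDIF = """\
dn: cn=DEVELOPER,ou=groups,dc=lucidum,dc=com
cn: DEVELOPER

dn: cn=SECURITY,ou=groups,dc=lucidum,dc=com
cn: SECURITY

dn: cn=FINANCE,ou=groups,dc=lucidum,dc=com
cn: FINANCE
"""


def parse_group_names(ldif: str) -> list:
    """Pull the cn of every entry out of ldapsearch LDIF output (handles folded lines)."""
    unfolded = re.sub(r"\n ", "", ldif)  # LDIF continuation lines start with a space
    names = []
    for entry in unfolded.split("\n\n"):
        for line in entry.splitlines():
            if line.lower().startswith("cn: "):
                names.append(line[4:].strip())
    return names


def lucidum_roles(ldap_roles) -> list:
    """Apply the LDAP -> Lucidum mapping. Roles with no mapping (FINANCE here)
    grant nothing in Lucidum; names must match the directory exactly."""
    roles = []
    for ldap_role in ldap_roles:
        for local in ROLE_MAPPING.get(ldap_role, []):
            if local not in roles:
                roles.append(local)
    return roles


if __name__ == "__main__":
    print(user_dn("alice"))
    print(ldapsearch_command("alice"))
    groups = parse_group_names(SAMPLE_LDIF)
    print(groups, "->", lucidum_roles(groups))
```

The command string is what you would paste into a shell on a host that can reach the directory; the parse and mapping steps show what Lucidum's login-time inheritance amounts to for a user in those groups, and that an LDAP role without a mapping entry gives the user no Lucidum role at all.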

Edit LDAP Mapping

You can edit an existing LDAP mapping. To do so:

  1. Navigate to Settings > User Management > LDAP Mapping.

  2. Find the LDAP mapping you want to edit. Click its Edit link.

  3. In the Edit LDAP Role Mapping modal page, you can add or remove Lucidum roles from an LDAP role.

  4. In the the Edit LDAP Role Mapping modal page, edit the following:

    • Local Roles. Map one or more Lucidum roles to an LDAP role.

      • To assign an additional Lucidum role, click on its checkbox in the Available list and click the > arrow to move the role to the Selected list.

      • To remove a Lucidum role, click on its checkbox in the Selected list and click the < arrow to move the role to the Available list.

  5. Click Confirm to save your changes.

Delete LDAP Mapping

To delete an LDAP mapping:

  1. Navigate to Settings > User Management > LDAP Mapping.

  2. Find the LDAP mapping you want to delete. Click its Delete link.
