You can use the system with an LDAP server or Active Directory server so that your users can use the same login names and passwords they use elsewhere in your organization, and you can avoid maintaining an additional set of user records. When you use LDAP, you do not have to manually create users in the system, but you retain the ability to create users who exist only in the system.
The system does not use LDAP authentication until you create at least one LDAP domain.
The system remembers LDAP users after they log in once. LDAP users appear on user lists only after they have logged in at least once.
When a user logs in while the system is configured to use LDAP, the LDAP adaptor uses an administrative account to log in to the LDAP server and search for the username supplied by the user. On finding the user in the LDAP database, the system then rebinds to the LDAP database using the username and password supplied by the user; if this succeeds, the user is allowed into the system and the system stores a record of the user.
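The login sequence described above, written out as an added example (it is not the system's own code). It also shows two checks worth having around that sequence: escaping the supplied username before it goes into the search filter, and refusing an empty password before the rebind. `FakeDirectory`, the `uid` search attribute, and the DNs and passwords are constructed assumptions standing in for a real LDAP server.

```python
import re

# RFC 4515 escapes for characters that have meaning inside a search filter.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    """Escape user input so it cannot change the structure of the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def _unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda h: chr(int(h.group(1), 16)), value)

class FakeDirectory:
    """Constructed in-memory stand-in for an LDAP server: DN -> (uid, password)."""
    def __init__(self, entries):
        self.entries = entries

    def bind(self, dn, password):
        if password == "":
            return True  # mimics servers that accept an empty password as an unauthenticated bind
        return dn in self.entries and self.entries[dn][1] == password

    def search(self, ldap_filter):
        # Understands only (uid=<value>), where an unescaped * is a wildcard.
        m = re.fullmatch(r"\(uid=(.*)\)", ldap_filter)
        if not m:
            return []
        pattern = ".*".join(re.escape(_unescape(p)) for p in m.group(1).split("*"))
        return [dn for dn, (uid, _) in self.entries.items() if re.fullmatch(pattern, uid)]

def authenticate(directory, admin_dn, admin_password, username, password):
    """Return the user's DN if the search-then-bind login succeeds, else None."""
    if not username or not password:
        return None  # never forward an empty password to the rebind step
    if not directory.bind(admin_dn, admin_password):  # 1. administrative bind
        return None
    matches = directory.search("(uid=%s)" % escape_filter_value(username))  # 2. search
    if len(matches) != 1:
        return None  # no entry, or an ambiguous match
    user_dn = matches[0]
    return user_dn if directory.bind(user_dn, password) else None  # 3. rebind as the user

ADMIN_DN = "cn=svc,dc=example,dc=test"
ALICE_DN = "uid=alice,ou=people,dc=example,dc=test"
DIRECTORY = FakeDirectory({  # constructed sample entries
    ADMIN_DN: ("svc", "svc-secret"),
    ALICE_DN: ("alice", "correct horse"),
    "uid=bob,ou=people,dc=example,dc=test": ("bob", "hunter2"),
})
```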
A user record whose information is derived from an LDAP database has its User Name, Password, Login, Confirm, and Email fields disabled. Other properties, such as the time zone and access groups, can be changed within the system and the system remembers those values. (The system assigns LDAP users to the root user's time zone on first login, since it does not get time zone information from LDAP.)