BuildForge Help

LDAP and Active Directory Integration

You can use the system with an LDAP server or Active Directory server so that your users can use the same login names and passwords they use elsewhere in your organization, and you can avoid maintaining an additional set of user records. When you use LDAP, you do not have to manually create users in the system, but you retain the ability to create users who exist only in the system.

The system does not use LDAP authentication until you create at least one LDAP domain.

The system remembers LDAP users after they log in once. LDAP users appear on user lists only after they have logged in at least once.

When a user logs in while the system is configured to use LDAP, the LDAP adaptor uses an administrative account to log in to the LDAP server and search for the username supplied by the user. On finding the user in the LDAP database, the system then rebinds to the LDAP database using the username and password supplied by the user; if this succeeds, the user is allowed into the system and the system stores a record of the user.
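The search-then-rebind sequence described above, as an added example that is not Build Forge code. The in-memory directory, the function names, and all DNs and passwords are constructed for illustration. It also shows two checks this flow needs in general: escaping the supplied username before it goes into the search filter (RFC 4515), and refusing an empty password, which many LDAP servers treat as an unauthenticated bind that succeeds.

```python
import re

def escape_filter_value(value):
    """Escape RFC 4515 special characters so input cannot change the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def _unescape(text):
    """Turn \\xx escapes back into characters (done server-side in real LDAP)."""
    return re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), text)

class FakeDirectory:
    """Constructed stand-in for an LDAP server: DN -> attributes."""
    def __init__(self, entries):
        self.entries = entries

    def bind(self, dn, password):
        if password == "":
            return True  # unauthenticated bind: succeeds, proves nothing
        entry = self.entries.get(dn)
        return entry is not None and entry["password"] == password

    def search(self, ldap_filter):
        """Handle only (uid=<value>); an unescaped '*' acts as a wildcard."""
        value = re.fullmatch(r"\(uid=(.*)\)", ldap_filter, re.DOTALL).group(1)
        pattern = ".*".join(re.escape(_unescape(p)) for p in value.split("*"))
        return [dn for dn, e in self.entries.items() if re.fullmatch(pattern, e["uid"])]

def ldap_login(directory, admin_dn, admin_pw, username, password, local_users):
    if not username or not password:
        return False  # never let an empty password reach the rebind step
    if not directory.bind(admin_dn, admin_pw):
        raise RuntimeError("administrative bind failed")
    matches = directory.search("(uid=%s)" % escape_filter_value(username))
    if len(matches) != 1:
        return False  # unknown or ambiguous user
    user_dn = matches[0]
    if not directory.bind(user_dn, password):
        return False  # rebind with the user's own credentials failed
    # First successful login stores a local record; an existing one is kept.
    local_users.setdefault(username, {"dn": user_dn, "mail": directory.entries[user_dn]["mail"]})
    return True

# Constructed sample data (hypothetical DNs and passwords).
DIRECTORY = FakeDirectory({
    "cn=svc,ou=apps,dc=example,dc=com": {"uid": "svc", "mail": "", "password": "svc-secret"},
    "uid=alice,ou=people,dc=example,dc=com": {"uid": "alice", "mail": "alice@example.com", "password": "correct horse"},
})
ADMIN = ("cn=svc,ou=apps,dc=example,dc=com", "svc-secret")
```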

A user record whose information is derived from an LDAP database has its User Name, Password, Login, Confirm, and Email fields disabled. Other properties, such as the time zone and access groups, can be changed within the system and the system remembers those values. (The system assigns LDAP users to the root user's time zone on first login, since it does not get time zone information from LDAP.)

Note: If you want to change values that are derived from LDAP, you can either create the user record in the system before the user logs in (since the system does not replace an existing user record if the system already has a user with the same login name as an LDAP user), or you can delete the user derived from LDAP and then create a new user with the same login name. Deleting the user deletes all Build Forge properties associated with the user.
Note: You can map LDAP groups to access groups by setting the LDAP Group DNs property for an access group to reference the distinguished names of one or more LDAP groups.
Note: Group mapping is performed only once, upon initialization. After Build Forge is initialized, it does not check for changes to LDAP groups.