LDAP Authentication

It is possible to use LDAP to authenticate users in the web interface. Any LDAP-compliant server like Active Directory or OpenLDAP is supported.

Enable the feature

To enable LDAP authentication, activate the feature in the Administration area in the web interface.

The following settings are required:

| Setting | Description | Example |
| --- | --- | --- |
| LDAP connection address | A connection string of the LDAP server. | ldap://10.0.0.2:389, ldaps://encrypted.ldap-example.com |
| LDAP base DN | The base DN for the LDAP search. | dc=example,dc=com |
| LDAP bind username | A username to connect to the LDAP server. Read-only access is sufficient. | cn=ldapuser,dc=example,dc=com or company\readonly-user |
| LDAP bind password | The password for the bind username. | |

The following advanced settings can be configured. The defaults should work for most Microsoft Active Directory installations:

| Setting | Description | Example |
| --- | --- | --- |
| LDAP user filter | An LDAP filter to search for users. %s will be replaced with the username the user has entered during login. | (&(objectClass=user)(sAMAccountName=%s)) |
| Role attribute | This attribute will be used to assign the CareSuite roles to the authenticating user. | memberOf |

Configure the CareSuite Role Mappings

The CareSuite roles are assigned to the LDAP users based on the Role attribute setting. The value of the attribute is expected to be a list of DNs.

For each role in the CareSuite, a corresponding LDAP group should be created. The DN of the created LDAP group can be assigned to a CareSuite Role using the Role mapping field when editing the role.

When a user logs in, they will be assigned the CareSuite roles based on the LDAP groups they are a member of.
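
The login flow described above (substituting the entered username into the LDAP user filter, then mapping the DNs in the role attribute to roles), as an added example that is not CareSuite's own code. The page does not document how CareSuite escapes the username or compares DNs; the RFC 4515 escaping, the case-insensitive DN comparison, and the role names and group DNs below are assumptions made for illustration.

```python
import re

# Default user filter from the advanced settings table on this page.
USER_FILTER = "(&(objectClass=user)(sAMAccountName=%s))"

# RFC 4515: characters that must be escaped inside a filter assertion value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

# Constructed sample data: hypothetical role names and group DNs.
ROLE_MAPPINGS = {
    "Administrator": "cn=caresuite-admins,ou=groups,dc=example,dc=com",
    "Viewer": "cn=caresuite-viewers,ou=groups,dc=example,dc=com",
}
SAMPLE_MEMBER_OF = [
    "CN=CareSuite-Admins, OU=Groups, DC=example, DC=com",
    "CN=Domain Users,CN=Users,DC=example,DC=com",
]


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied value so it stays a literal inside the filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(template: str, username: str) -> str:
    """Replace the single %s placeholder with the escaped login name."""
    if template.count("%s") != 1:
        raise ValueError("user filter must contain exactly one %s placeholder")
    return template.replace("%s", escape_filter_value(username))


def normalize_dn(dn: str) -> str:
    """Simplified DN normalization (assumption): trim RDNs, ignore case."""
    parts = re.split(r"(?<!\\),", dn)  # split on commas that are not escaped
    return ",".join(part.strip().casefold() for part in parts)


def roles_for(member_of, role_mappings):
    """Return the roles whose mapped group DN appears in the role attribute."""
    groups = {normalize_dn(dn) for dn in member_of}
    return sorted(r for r, dn in role_mappings.items() if normalize_dn(dn) in groups)


if __name__ == "__main__":
    print(build_user_filter(USER_FILTER, "jdoe"))
    print(roles_for(SAMPLE_MEMBER_OF, ROLE_MAPPINGS))
```

A user whose role attribute contains none of the mapped group DNs ends up with an empty role list, which is worth checking for when a login succeeds but the account has no permissions.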