LDAP Authentication
It is possible to use LDAP to authenticate users in the web interface. Any LDAP-compliant server like Active Directory or OpenLDAP is supported.
Enable the feature
To enable LDAP authentication, activate the feature in the Administration area in the web interface.
The following settings are required:
Setting | Description | Example |
---|---|---|
LDAP connection address | A connection string of the LDAP server. | ldap://10.0.0.2:389, ldaps://encrypted.ldap-example.com |
LDAP base DN | The base DN for the LDAP search. | dc=example,dc=com |
LDAP bind username | A username to connect to the LDAP server. Read-only access is sufficient. | cn=ldapuser,dc=example,dc=com or company\readonly-user |
LDAP bind password | The password for the bind username. | |
The following advanced settings can be configured. The defaults should work for most Microsoft Active Directory installations:
Setting | Description | Example |
---|---|---|
LDAP user filter | An LDAP filter to search for users. %s will be replaced with the username the user has entered during login. | (&(objectClass=user)(sAMAccountName=%s)) |
Role attribute | This attribute will be used to assign the CareSuite roles to the authenticating user. | memberOf |
Configure the CareSuite Role Mappings
The CareSuite roles are assigned to the LDAP users based on the Role attribute setting. The value of the attribute is expected to be a list of DNs.
For each role in the CareSuite, a corresponding LDAP group should be created. The DN of the created LDAP group can be assigned to a CareSuite Role using the Role mapping field when editing the role.
When a user logs in, they will be assigned the CareSuite roles based on the LDAP groups they are a member of.
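The %s substitution in the LDAP user filter and the role mapping described above can be sketched as follows. This is an added example, not CareSuite's own code: it assumes the login name is escaped per RFC 4515 before substitution and that group DNs are compared case-insensitively; the function names, role names and group DNs are hypothetical.

```python
# Added example, not CareSuite code. Role names and DNs below are constructed.
DEFAULT_FILTER = "(&(objectClass=user)(sAMAccountName=%s))"  # example value from the settings table

# RFC 4515: these characters must be written as \XX inside a filter value.
FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a user-supplied string so it cannot change the filter structure."""
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(template, username):
    """Replace %s in the user filter with the escaped login name."""
    if "%s" not in template:
        raise ValueError("user filter has no %s placeholder; it would ignore the login name")
    if not username:
        raise ValueError("empty username")
    return template.replace("%s", escape_filter_value(username))


def normalize_dn(dn):
    """Simplified comparison key (assumption): DNs are compared case-insensitively."""
    return dn.strip().casefold()


def roles_for_user(role_attribute_values, role_mappings):
    """Return the roles whose mapped group DN appears in the user's role attribute.

    role_mappings: role name -> group DN (the value of the Role mapping field).
    A user who is in none of the mapped groups gets no role.
    """
    groups = {normalize_dn(dn) for dn in role_attribute_values}
    return sorted(role for role, dn in role_mappings.items() if normalize_dn(dn) in groups)


# Constructed sample data (hypothetical role names and group DNs).
SAMPLE_MAPPINGS = {
    "Administrator": "CN=CareSuite-Admins,OU=Groups,DC=example,DC=com",
    "Viewer": "CN=CareSuite-Viewers,OU=Groups,DC=example,DC=com",
}
SAMPLE_MEMBER_OF = [
    "cn=caresuite-admins,ou=groups,dc=example,dc=com",
    "CN=Other,OU=Groups,DC=example,DC=com",
]

if __name__ == "__main__":
    print(build_user_filter(DEFAULT_FILTER, "a*)(x"))
    print(roles_for_user(SAMPLE_MEMBER_OF, SAMPLE_MAPPINGS))
```

When testing a custom user filter, log in with names containing `*`, `(`, `)` and `\` and confirm that each matches at most the one intended account.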