The application is able to handle users authentication interacting with external systems in addition to the standard authentication. We can authenticate your users against ActiveDirectory and LDAP systems.
Please enter the section Administration->Security->External Security
In the following form you have to enable the feature and connect LogicalDOC to your LDAP/ActiveDirectory service:
- URL: complete connection URL to the external authentication server including port number (for ActiveDirectory it is 389)
- Username: username of a user that can perform searches inside your LDAP/ActiveDirectory (for ActiveDirectory you have to put the canonical name of the user)
- Password: passwort to conntect
- Users base node: canonical name of the root node where the users are located (you can define more nodes separated by semicolon ';')
- Groups base node: canonical name of the root node where the groups are located (you can define more nodes separated by semicolon ';')
To check if the connection parameters are correct, just click on Test Connection.
If the test passes, you can optionally choose to open the LDAP explorer that is an helpful utility to walk your directory and detect the exact canonical name of the nodes that contains users and groups.
Once you have connected the external directory, click on Save to make persistent your changes.
On the fly authentication
The next time a user tries to log into LogicalDOC, he will be authenticated against your LDAP/ActiveDirectory first and if the process completes succesfully, the user's profile(but not the password) is also automatically imported in LogicalDOC.
Manually import users
From time to time you may want to manually import a new user from the LDAP/ActiveDirectory, in this case open the Browser tab and here below click on Search to fiind al the users located at any level below the configured base node.
Right click on the user you want to import and select Import. When the user is imported, the groups he belongs to(and that fall below the groups base node you configured before) are imported as welll.
When the user is imported the first time, you will have to grant him and/or his groups the permissions in LogicalDOC. By default the imported user has the same permissions granted to the guest group.
Click on Active Directory to launch a small wizard that applies some standard parameters suitable for connecting to an AD domain server.
If you plan to use the MD5 implementation against an Active Directory you have to configure your AD server to use the reverse encryption option to store the users password