Use your own AD or LDAP server to authenticate users and automatically create accounts.
You can use LDAP Authentication to authenticate users against an Active Directory (AD) or LDAP server.
You can choose to have classroombookings automatically create accounts upon successful authentication with the server, or only allow access to accounts that already exist.
When LDAP is enabled and a user successfully logs in, the password they supplied is hashed and stored in the classroombookings database, just like regular users. This enables those users to log in using their most recent password, even if the LDAP server is temporarily unavailable or the LDAP setting gets turned off.
Your AD/LDAP server must be accessible over the internet from the classroombookings cloud service. Depending on your infrastructure, this is likely to mean opening and/or forwarding ports on firewalls. Please allow access to your AD/LDAP server from the following IP address: 94.237.60.222
Hostname or IP address of the AD/LDAP server to authenticate with. Currently, only one server is supported.
The port number that the AD/LDAP server is running on.
The protocol version number that the AD/LDAP connection should use.
Specify whether to use TLS for the connection.
Choose this option to ignore any certificate errors when using a TLS connection. With this option enabled the connection is still encrypted, but the server's certificate is not validated, so the identity of the server is not verified. If you do not use this option, you may need to install and/or accept your AD/LDAP server's certificate on the classroombookings server.
Specify the format that the authenticating user will use when attempting to connect to the LDAP server. This will vary depending on your AD/LDAP server configuration and version. The keyword :user will be replaced by the username entered by the user.
Common formats are:
EXAMPLE.LOCAL\:user
:user@EXAMPLE.LOCAL
uid=:user,cn=users,dc=example,dc=com
You can specify search criteria here to ensure that only authenticating users who match them are allowed in.
If you don't use this, any user who successfully authenticates with your AD/LDAP server using the settings above can log in to classroombookings. Most organisations will want to enter search criteria to ensure only a certain tree or group of users can log in to classroombookings, and deny others.
This is the Base DN that the search will start at.
This is the AD/LDAP search filter used to find the user. The keyword :user will be replaced by the authenticating username.
(&(uid=:user)(description=staff))
(&(uid=:user)(|(description=staff)(email=*)))
(&(uid=:user)(memberof=CN=Teachers,OU=Users,DC=Example,DC=com))
You can read more about the LDAP query syntax here: Search Filter Syntax.
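The :user substitution described above for the bind format and the search filter, as an added example (not classroombookings code; this page does not say how classroombookings itself escapes the username, and all function names here are hypothetical). It applies RFC 4515 escaping to filter values and RFC 4514 escaping to DN-style bind formats, so that a username containing filter or DN metacharacters is treated as literal text and cannot change which entries the filter matches.

```python
# Added example: not classroombookings code; all function names are hypothetical.

# RFC 4515: characters that must be written as \XX inside a filter value.
FILTER_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}

def escape_filter_value(value):
    """Escape a username for use as a value in an LDAP search filter."""
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)

def escape_dn_value(value):
    """Escape a username for use as an attribute value in a DN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in '"+,;<>\\' or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def render(template, username, escape):
    """Replace the :user keyword with the escaped username."""
    return template.replace(":user", escape(username))

def structure_preserved(template, rendered):
    """True if substitution added no unescaped parentheses or wildcards."""
    return all(template.count(c) == rendered.count(c) for c in "()*")

# Templates taken from this page; the usernames are constructed samples.
FILTER = "(&(uid=:user)(description=staff))"
BIND_DN = "uid=:user,cn=users,dc=example,dc=com"

if __name__ == "__main__":
    for name in ["jsmith", "o(brien)", "*"]:
        rendered = render(FILTER, name, escape_filter_value)
        print(rendered, structure_preserved(FILTER, rendered))
    print(render(BIND_DN, "smith, j", escape_dn_value))
```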
When you use a search filter to find the authenticating user, you can populate some classroombookings user account fields with their attributes found in LDAP each time they log in.
You can combine multiple AD/LDAP attributes by adding a colon before each attribute name, for example :givenName :sn. If you are just specifying a single field, you do not need to include the colon; just enter the main attribute name.
If you leave the field blank, classroombookings will not attempt to populate those user details.
You can check if the AD/LDAP settings entered on this page will work by using the Test Settings box on the right side of the page.
This is useful to test that a connection can be made and only the desired user accounts can successfully authenticate.
The connection settings on the page are used every time you click Test credentials, so you don't need to click Save before testing.
Any error or success messages will be displayed under the box.