Can Dispatch integrate with my corporate LDAP server?

Comments

1 comment

  • Tyler Whitaker

    Leading2Lean Dispatch can be integrated to the your corporate LDAP server. It provides the following benefits:

    1. Allow users to login to Dispatch by authenticating to the corporate LDAP server. Employees the same common username and password across multiple systems including Dispatch.
    2. Allow the Dispatch Administrator to Bulk import (setup) users from the LDAP server.

    Network Access

    For the Dispatch server to connect to your corporate LDAP server, it must be accessible on the Internet. Most companies choose to put their LDAP server on a DMZ network behind the corporate firewall. You can secure the LDAP server by restricting (whitelisting) traffic from *.leading2lean.com servers.

    Dispatch LDAP Configuration Information

    Setting up LDAP requires the following configuration items:

    LDAP Base Path

    This is the base connection string used to connect to your ldap server. Something like ldaps://ldap.myco.com

    LDAP Search User

    This is the username of an ldap user that has the permission to search or list users in the ldap directory. We recommend creating an ldap account with permissions restricted appropriately.

    Example: mycoldaplookup

    LDAP Search Password

    This is the password for the above listed search user.

    LDAP Search Base DN

    This is the portion of the ldap tree where users are located.

    Example: CN=Users,DC=myco,DC=com

    LDAP Auth Prefix

    This is the string that is to be prepended on the username to allow for an LDAP auth check. The authorization is checked by executing an LDAP bind to the LDAP Base Path with the combined LDAP Auth Prefix and username, and the user's password. If the bind is successful, then the user is authorized to login.

    Setting up an LDAP Configuration

    Dispatch allows for multiple LDAP configurations. Each configuration can apply to one or more Dispatch sites, and a single Dispatch site can draw upon multiple LDAP configurations for authorizing it's users.

    To get started, create a new ldap configuration in the Setup > LDAP Config menu option.

    Create a name and select the appropriate sites, then enter the configuration options described above. Click Test Connection, and a connection will be attempted. If successful, the setup wizard will expand to allow you to select LDAP field mappings for first and last name, username and email. Example entries from your LDAP server will be shown to guide this decision.

    After the LDAP configuration is created, you can use the Bulk Tool to link LDAP accounts with Dispatch accounts.

    User accounts can also be linked in each user configuration by selecting the appropriate LDAP configuration (or none) for each user.

    When a user with an LDAP configuration logs in, their password is checked with the linked LDAP server instead of locally in Dispatch. Any password changes on the LDAP server will be immediately effective in Dispatch.

    Originally answered Jun 25, 2014 at 1:05 am

    0
    Comment actions Permalink

Please sign in to leave a comment.