Directory Service Integration

You can now integrate Embold with LDAP directory services. To do that, add a directory, test it, and then log in to Embold. At the moment, we support OpenLDAP and Microsoft Active Directory services only. We will be adding support for more directory services later on.


Steps to add directory:

  1. Navigate to the User Directories tab in the administration section.
  2. Click the Add Directory button to open the Add Directory popup.
  3. Enter the directory's Server Settings details.
  4. Enter the directory's LDAP Schema details.
  5. Enter the directory's User Schema Settings details.
  6. After filling in all the form fields, click the Save & Test button. The fields are described under About Directory Fields.
  7. You will get a notification message, and the directory will be added to the list of directories.

Steps to test directory:

  1. Navigate to the User Directories tab in the administration section.
  2. You will see a list of all directories, and beside each external directory you will see a Test icon.
  3. Click the Test icon to open the Test Directory popup.
  4. Enter valid LDAP user credentials and click the Test button.
  5. You will get a notification message about the Test Directory result.
  6. If the test is successful, you are ready to log in to Embold.
  7. In case of failure, you will see an Invalid Credentials message. Try again using valid LDAP user credentials.

Steps to remove directory:

  1. Navigate to the User Directories tab in the administration section.
  2. You will see a list of all directories, and beside each external directory you will see three icons: Test, Edit and Remove.
  3. Click the Remove icon, which opens a Warning popup.
  4. Click the Delete Permanently button to remove the directory permanently from Embold.


About Directory Fields

Server Settings

  • Name: Enter a meaningful name to help you identify the LDAP directory server.
    Example: My Enterprise Directory, Corporate LDAP Directory etc.

  • Directory Type: Select the type of LDAP directory that you will connect to. If you are adding a new LDAP connection, the value you select here will determine the default values for many of the options on the rest of the screen.
    Example: Microsoft Active Directory, OpenLDAP etc.

  • Hostname: The host name of your directory server.
    Example: ad.example.com, ldap.example.com etc.

  • Port: The port on which your directory server is listening.
    Example: 389, 10389, 636 (when SSL is enabled) etc.

  • Use SSL: Check this if the connection to the directory server is an SSL (Secure Sockets Layer) connection. Note that you will need to configure an SSL certificate in order to use this setting.

  • Username: The distinguished name of the user that the application will use when connecting to the directory server.
    Example: cn=admin,dc=ldap,dc=example,dc=com

  • Password: The password of the user specified above.

    Note: Connecting to an LDAP server requires that this application log in to the server with the username and password configured here. As a result, this password cannot be one-way hashed – it must be recoverable in the context of this application. The password is currently stored in the database in encrypted format. To guarantee its security, you need to ensure that other processes do not have OS-level read permissions for this application’s database or configuration files.

LDAP schema

  • Base DN: The root distinguished name (DN) to use when running queries against the directory server.
    Example: cn=users,dc=ldap,dc=example,dc=com

    For Microsoft Active Directory, specify the base DN in the following format: dc=ad,dc=example,dc=com. You will need to replace the ad, example and com with your specific domain component configuration.

  • Additional User DN: This value is used in addition to the base DN when searching and loading users. If no value is supplied, the sub-tree search will start from the base DN.
    Example: ou=Users

  • Additional Group DN: This value is used in addition to the base DN when searching and loading groups. If no value is supplied, the sub-tree search will start from the base DN.
    Example: ou=Groups

User schema settings

  • User Object Class: This is the name of the class used for the LDAP user object.
    Example: user, person, inetOrgPerson etc.

  • User Object Filter: The filter to use when searching user objects.
    Example (OpenLDAP): (&(objectClass=person)(|(ou:dn:=RND)(ou:dn:=HR)))
    Example (Microsoft Active Directory): (&(objectCategory=Person)(sAMAccountName=*))

  • User First Name Attribute: The attribute field to use when loading the user’s first name.
    Example: givenName

  • User Last Name Attribute: The attribute field to use when loading the user’s last name.
    Example: sn

  • User Email Attribute: The attribute field to use when loading the user’s email address. This attribute is used to log in to Embold.
    Example: mail
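
The field descriptions above can be checked before clicking Save & Test. The following is an added example, not part of Embold or its documentation: a small Python lint over the form values. The dictionary key names and function names are hypothetical; the sample values are constructed from the examples on this page.

```python
def effective_base(base_dn, additional_dn=""):
    """Search root: the Additional User/Group DN is prefixed to the Base DN."""
    return f"{additional_dn},{base_dn}" if additional_dn else base_dn

def filter_balanced(ldap_filter):
    """True if the filter is one parenthesised group with balanced parentheses."""
    depth = 0
    for i, ch in enumerate(ldap_filter):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            # Closing below zero, or closing the outer group early, is malformed.
            if depth < 0 or (depth == 0 and i != len(ldap_filter) - 1):
                return False
    return depth == 0 and ldap_filter.startswith("(")

def lint(cfg):
    """Return findings for a dict of form values (key names are hypothetical)."""
    findings = []
    if not cfg["use_ssl"]:
        findings.append("Use SSL is off: an LDAP simple bind sends the password unencrypted")
    # 389 is the usual plain LDAP port and 636 the usual SSL port.
    if cfg["port"] in (389, 636) and (cfg["port"] == 636) != cfg["use_ssl"]:
        findings.append(f"port {cfg['port']} does not match the Use SSL setting")
    if not filter_balanced(cfg["user_filter"]):
        findings.append("User Object Filter has unbalanced parentheses")
    if not cfg["email_attr"]:
        findings.append("User Email Attribute is empty: it is the login identifier")
    return findings

# Constructed sample values based on the examples on this page.
WEAK = {"port": 636, "use_ssl": False, "email_attr": "mail",
        "user_filter": "(&(objectCategory=Person)(sAMAccountName=*)"}
GOOD = {"port": 636, "use_ssl": True, "email_attr": "mail",
        "user_filter": "(&(objectCategory=Person)(sAMAccountName=*))"}

if __name__ == "__main__":
    print(effective_base("dc=ldap,dc=example,dc=com", "ou=Users"))
    for name, cfg in (("WEAK", WEAK), ("GOOD", GOOD)):
        print(name, lint(cfg) or "no findings")
```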
