You can setup connection with an LDAP server to allow your users to login into knowi using LDAP credentials. Please Contact us to enable this feature. The LDAP server used only as read-only information to login and get information about logged-in user objects to map directly to Knowi fields of contained within their user account.
LDAP configuration create and edit
The LDAP tab can be found within User settings. It is possible to create multiple different LDAP configurations. Click "Add" to add new configuration. If you wish to edit an existing configuration, please select it from drop-down list. After selecting the configuration, you can then edit or view existing configuration or delete it by pressing "Delete" button.
LDAP Configuration details
Type an configuration name (any), your LDAP server host and port, and select TLS checkbox if your LDAP server supports TLS encryption.
This section is used to enter an "master" LDAP account which must have access to get information about LDAP user objects which you or your users want to login with. After entering the credentials, you have the opton click on the "Test" button to check if the credentials and connection details are valid. This will run the connection with LDAP server, "bind" with entered master DN and then unbind and disconnect from server.
Base search DN: this is the top root path to start search of user from.
Login attributes: comma-separated list of attribute names of user objects which will be used as login field to login into Knowi. E.g. this could be "uid", "cn", etc. The system will choose the first match via any of the provided attributes (OR filter will be used to search users with this attributes).
Email attribute: used to read the email attribute and assign to the email field of Knowi User.
User Name Attributes: list of attributes to set to Knowi User Name, commonly this is First Name and User Name.
ID attribute: should uniquely identify your user in LDAP server.
Filter (optional): used to filter search through user objects for login. E.g. can filter by groups, organisations, etc. Please refer to your LDAP server documentation on filter syntax.
Roles and Groups management
Please choose which Knowi role will be mapped to the LDAP user when logging into Knowi. Optionally, you may select Default Groups which will then be set to user. If you change any of these settings, it will be applied to LDAP users upon their next login into Knowi.
After saving the newly created LDAP configuration, you will get LDAP login URL. This is url which your LDAP users should then use to login into Knowi.
LDAP login test
At the bottom of the LDAP configuration you will find a "Test login" button. Selecting this will present a login dialog box. Enter the login attribute values to login with an LDAP account and press Test. This will mimic all login sequence by searching for the user via the set attributes and binding it if possible. If the password is not entered (it is optional), the user will be just found using master LDAP account and not bound with a password.
This section useful if you wish to test if all LDAP configuration fields valid. After pressing Test button you will see log output showing the exact steps made by the system to connect to LDAP.
Login with LDAP
First you will need to provide the LDAP login link to your users. This link is obtained above. This link is associated with your customer account and your exact LDAP configuration. When the user uses this link, they will be presented with special login window. In "ID" field user should enter an login attribute value (corresponding to login attribute in your LDAP server). In the password field, the user should type their user LDAP password. After LOGIN the user will be granted access to Knowi.
If this is a first-time user with such an ID (the ID is setup in LDAP configuration page) then this user will be automatically created as new user in Knowi. If this is an existing user login, then they will be directed to their Knowi user account. In this case all changed fields, roles and groups will be updated from LDAP server into Knowi user account. E.g. if user name in the LDAP server was changed, this will be updated in Knowi upon login.