Skip to content

ALD Pro Connection Setup

This article is an example of LDAP connection setup.

This instruction applies to Enterprise and On-Premise versions. Tested on ALD Pro version 2.4.0.

Prerequisites

Before configuring the connection, it is recommended to create a separate user account that will be used to read the LDAP database. To do this, connect to the machine with ALD Pro and perform the following steps:

  • Create a file named srv-gitflic-bind.update with the following content:
dn: uid=srv-gitflic-bind,cn=sysaccounts,cn=etc,dc=test,dc=lan
add:objectclass: account
add:objectclass: simplesecurityobject
add:uid: srv-gitflic-bind
add:userPassword: securePassword
add:passwordExpirationTime: 20380119031407Z
add:nsIdleTimeout: 0

You need to replace "dc=test,dc=lan" with your domain parameters, and securePassword with the desired account password.

  • Next, run the command:
kinit admin && ipa-ldap-updater srv-gitflic-bind.update && rm srv-gitflic-bind.update

The created user is not a POSIX user, does not have rights to log in to domain computers, and is not displayed in the ALD Pro management portal. The user has read-only rights to LDAP.

Connection Setup

To connect ALD Pro as an authorization provider in GitFlic, fill in the fields as shown below.

"LDAP server address" and "LDAP server port" should match your LDAP server address.

The DN of the user used to read the LDAP database should follow this pattern:

uid=admin,cn=users,cn=accounts,dc=your-domain,dc=ru

This value is the default when deploying ALD Pro.

Enter the user password as specified for the created user.

LDAP Connection Users

  • Default BaseDn for user search: cn=users,cn=accounts,dc=your-domain,dc=ru
  • LDAP attribute for user email: mail
  • LDAP attribute for user login: uid
  • LDAP attribute for user first name: leave blank
  • LDAP attribute for user last name: leave blank

LDAP Connection Groups

This feature is available only in the Enterprise version.

  • Enable group synchronization: Check selected
  • GroupDN: cn=groups,cn=accounts,dc=your-domain,dc=ru
  • User id attribute: uid
  • Group name attribute: cn
  • Attribute for searching group members: member

After filling in all fields, click the save button at the bottom of the page.

Automated translation!

This page was translated using automatic translation tools. The text may contain inaccuracies.