Integrating LDAP
  • 12 Mar 2024
  • 3 Minutes to read

What you need to integrate LDAP

An LDAP-compatible directory server and the following information:

  • The Directory Server Public IP/DNS Name
  • The Directory Server Public Port Number
  • User Full Name Attribute Name for all your directory users
  • User Email Attribute Name for all your directory users
  • Admin user with at least read and search permissions for all users you want to authenticate

Your directory users must have an email attribute

If your directory user profiles don't have a valid email attribute, the LDAP integration won't work with Nexudus.

LDAP Integration Settings

An important setting that you need to consider before enabling the integration is the option to Create new users in Nexudus if they don't exist.

[Screenshot: LDAP_NewUserToggle.png, the Create new users in Nexudus if they don't exist toggle]

Create new users in Nexudus if they don't exist OFF

Users trying to log in using their directory credentials (email + password) will only be able to access the Members Portal if they already have a customer account in Nexudus.

Example
A user has the following directory credentials:

email: name@example.com
password: example123

If the user trying to log in to the Members Portal using these directory credentials doesn't already have a customer account in Nexudus with name@example.com as their email address, they won't be able to log in.

The user's email address in Nexudus must match their email address in the directory.

Create new users in Nexudus if they don't exist ON

Users trying to log in to the Members Portal using their directory credentials (name/email + password) will be able to log in to the Members Portal, whether or not they already have a customer account in Nexudus.

If they happen to not have a customer account yet, Nexudus will automatically create a customer account (contact) for them using their username and email address from the directory.

Example

A user has the following directory credentials:

name: Customer Name
email: customername@example.com
password: example123

When they try to log in to the Members Portal using these directory credentials, Nexudus will check if they already have a customer account.

If they don't have a customer account yet, Nexudus will create an account for them with Customer Name as their name and customername@example.com as their email address.

When the Create new users in Nexudus if they don't exist toggle is ON, any user with valid directory credentials will technically be able to log in to the Members Portal, as long as they are in the container you have specified in the Search expression field below.

Customers created via the integration will never receive a welcome email with Nexudus credentials.

Enabling the LDAP Integration

  1. Log in to dashboard.nexudus.com if you aren't already.

  2. Click Settings > Integrations > LDAP.

  3. Enable the LDAP integration toggle.

  4. Enable the Create new users if they don't exist toggle if you want to register directory users who don't have a Nexudus account as contacts.

  5. Add your directory's public IP in the Server IP/host field.

  6. Add your directory's server public port in the Server Port field.

  7. Add the full path of the user you want to use to connect to your LDAP server in the Bind expression field.

This path must match a single user in your directory with at least read and search permissions for all users you would like to be able to authenticate.

For example "CN=read-only-admin,ou=Users,dc=example,dc=com"

  8. Add the path to the container holding the users to authenticate in the Search expression field.

For example, "dc=example,dc=com".

Nexudus will try to locate a user in this container by performing an LDAP search with the search string "({mail_attribute_name}={email})".

  9. Add the password for the user above in the Password field.

  10. Add the name of your directory's FullName attribute in the Full name attribute name field.

This defaults to cn as it is the most common value.

  11. Add the name of your directory's Email attribute in the Email attribute name field.

This defaults to email as it is the most common value.

This value will be used as the {mail_attribute_name} variable when Nexudus does an LDAP search.

  12. Click the Save Changes button.

You've successfully enabled the LDAP integration. We recommend you test the integration by trying to log in to your Members Portal using some directory user credentials.
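The login flow the two toggle sections and the steps above describe, as an added example that is not Nexudus code: it builds the "({mail_attribute_name}={email})" search string from step 8, runs it against a constructed in-memory directory, and applies the Create new users in Nexudus if they don't exist toggle both OFF and ON. The email typed at login is escaped per RFC 4515 before it is placed in the filter, so a value containing parentheses or wildcards reaches the directory as a literal. The directory entries, customer records and the small equality-filter parser are all assumptions made for the example.

```python
"""Added example, not Nexudus code: a model of the Members Portal login
described in the article. Directory entries and customer records are
constructed sample data; the filter parser only handles "(attr=value)"."""
from __future__ import annotations

import re

# RFC 4515: characters that must be hex-escaped inside a filter value.
# Backslash goes first so the escapes it produces are not escaped again.
_FILTER_ESCAPES = (("\\", r"\5c"), ("*", r"\2a"), ("(", r"\28"), (")", r"\29"), ("\x00", r"\00"))


def escape_filter_value(value: str) -> str:
    """Escapes a value typed at login so it cannot alter the filter's structure."""
    for raw, escaped in _FILTER_ESCAPES:
        value = value.replace(raw, escaped)
    return value


def build_search_filter(mail_attribute_name: str, email: str) -> str:
    """The search string from step 8, with the email address escaped."""
    return f"({mail_attribute_name}={escape_filter_value(email)})"


# Minimal parser for a single equality filter "(attr=value)". Unescaped
# parentheses and wildcards are rejected, which is why the escaping above
# matters: "x)(cn=*" only reaches the directory as a literal when escaped.
_EQUALITY_FILTER = re.compile(r"^\(([A-Za-z][\w.;-]*)=((?:[^()\\*]|\\[0-9A-Fa-f]{2})*)\)$")


def parse_equality_filter(filter_text: str) -> tuple[str, str]:
    match = _EQUALITY_FILTER.match(filter_text)
    if match is None:
        raise ValueError(f"unsupported or malformed filter: {filter_text!r}")
    attribute, raw_value = match.group(1).lower(), match.group(2)
    value = re.sub(r"\\([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), raw_value)
    return attribute, value


def search(directory: list[dict], filter_text: str) -> list[dict]:
    """Exact-match search over the entries of the configured container."""
    attribute, value = parse_equality_filter(filter_text)
    return [entry for entry in directory if entry.get(attribute) == value]


# Constructed sample directory under dc=example,dc=com. The last entry has no
# mail attribute, so a search by email can never find it (see "Your directory
# users must have an email attribute").
DIRECTORY = [
    {"dn": "cn=Some One,ou=Users,dc=example,dc=com", "cn": "Some One", "mail": "name@example.com"},
    {"dn": "cn=Customer Name,ou=Users,dc=example,dc=com", "cn": "Customer Name",
     "mail": "customername@example.com"},
    {"dn": "cn=No Mail,ou=Users,dc=example,dc=com", "cn": "No Mail"},
]


def resolve_login(email: str, customers: dict, create_if_missing: bool,
                  directory: list[dict] = DIRECTORY, mail_attr: str = "mail",
                  name_attr: str = "cn") -> tuple[str, dict | None]:
    """Returns (outcome, customer); outcome is "denied", "login" or "created".

    customers maps email -> customer record and is updated when the toggle is
    ON and a new contact is created. The password check (a bind as the matched
    entry's DN) is not modelled because there is no server in this example.
    """
    matches = search(directory, build_search_filter(mail_attr, email))
    if len(matches) != 1:          # no entry, or an ambiguous one: refuse
        return "denied", None
    entry = matches[0]
    if email in customers:         # existing customer: log in whatever the toggle says
        return "login", customers[email]
    if not create_if_missing:      # toggle OFF: directory user without a customer account
        return "denied", None
    customer = {"name": entry[name_attr], "email": entry[mail_attr]}
    customers[email] = customer    # toggle ON: contact created from directory attributes
    return "created", customer


if __name__ == "__main__":
    print(build_search_filter("mail", "x)(cn=*"))
    print(resolve_login("name@example.com", {}, create_if_missing=False))
    print(resolve_login("customername@example.com", {}, create_if_missing=True))
```

The `search` here compares the attribute value exactly, which is how the article's email match is meant to behave; a real server would additionally check the bind password of the matched entry. Running the block shows the escaped filter and one outcome per toggle state.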

IP Whitelisting

Connections to your LDAP directory server will always originate from one of the following IPs.
  • 54.154.122.253
  • 3.250.12.187
  • 3.250.115.120
  • 34.244.119.216
  • 54.75.93.166
  • 52.18.33.224

While Nexudus will always connect to your directory server over TLS 1.1 or 1.2, we strongly recommend you set your network policies to only allow connections from the IPs listed above.
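A way to check that the policy holds in practice, as an added example that is not Nexudus code: it reads directory server connection logs and reports every accepted connection whose source is not one of the six addresses listed above. The log lines are constructed in OpenLDAP slapd style (IPv4 form) and the regular expression is an assumption; adapt it to your own directory's log format.

```python
"""Added example, not Nexudus code: flags LDAP server connection accepts from
addresses other than the Nexudus source IPs published in the article. The log
lines below are constructed in OpenLDAP slapd style."""
from __future__ import annotations

import ipaddress
import re

# The six source addresses from the article.
NEXUDUS_SOURCE_IPS = frozenset(
    ipaddress.ip_address(ip)
    for ip in ("54.154.122.253", "3.250.12.187", "3.250.115.120",
               "34.244.119.216", "54.75.93.166", "52.18.33.224")
)

# Matches slapd's connection-accept line (IPv4 form), e.g.
# "conn=1001 fd=14 ACCEPT from IP=54.154.122.253:51234 (IP=0.0.0.0:636)"
_ACCEPT_LINE = re.compile(
    r"conn=(\d+) fd=\d+ ACCEPT from IP=([0-9.]+):\d+ \(IP=[0-9.]+:(\d+)\)"
)


def is_nexudus_source(ip_text: str) -> bool:
    """True only for an address on the published list; malformed input is not allowed."""
    try:
        return ipaddress.ip_address(ip_text) in NEXUDUS_SOURCE_IPS
    except ValueError:
        return False


def unexpected_connections(log_text: str) -> list[tuple[str, str, int]]:
    """Returns (conn id, source IP, local port) for every accept not from Nexudus."""
    findings = []
    for line in log_text.splitlines():
        match = _ACCEPT_LINE.search(line)
        if match is None:
            continue          # bind, search and other operation lines are not accepts
        conn_id, source_ip, local_port = match.group(1), match.group(2), int(match.group(3))
        if not is_nexudus_source(source_ip):
            findings.append((conn_id, source_ip, local_port))
    return findings


# Constructed sample log: two accepts from published Nexudus addresses, one
# from an unknown address, plus a bind line that the accept pattern ignores.
SAMPLE_LOG = """\
Mar 12 10:00:01 ldap slapd[812]: conn=1001 fd=14 ACCEPT from IP=54.154.122.253:51234 (IP=0.0.0.0:636)
Mar 12 10:00:01 ldap slapd[812]: conn=1001 op=0 BIND dn="cn=read-only-admin,ou=Users,dc=example,dc=com" method=128
Mar 12 10:00:07 ldap slapd[812]: conn=1002 fd=15 ACCEPT from IP=3.250.12.187:43120 (IP=0.0.0.0:636)
Mar 12 10:02:44 ldap slapd[812]: conn=1003 fd=16 ACCEPT from IP=198.51.100.23:60011 (IP=0.0.0.0:636)
"""

if __name__ == "__main__":
    for conn_id, ip, port in unexpected_connections(SAMPLE_LOG):
        print(f"conn={conn_id}: unexpected source {ip} on local port {port}")
```

If the firewall rule is in place, this check should find nothing; a non-empty result either means the rule is not being enforced on the directory's listening port or that something other than Nexudus is reaching the server.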
