---
title: "Integrating LDAP"
slug: "integrating-ldap"
updated: 2024-03-12T11:00:05Z
published: 2024-03-12T11:00:05Z
---

# Integrating LDAP

## What you need to integrate LDAP

An LDAP-compatible directory service server and the following information:

- The **Directory Server Public IP/DNS Name**
- The **Directory Server Public Port Number**
- User **Full Name Attribute Name** for all your directory users
- User **Email Attribute Name** for all your directory users
- Admin user with at least **read** and **search** permissions for all users you want to authenticate

Your directory users must have an **email** attribute.

If your directory user profiles don't have a valid **email** attribute, the LDAP integration won't work with Nexudus.

## LDAP Integration Settings

An important setting that you need to consider before enabling the integration is the option to **Create new users in Nexudus if they don't exist**.

![LDAP_NewUserToggle.png](https://cdn.document360.io/4f9a66c7-3dbb-4052-97d8-5439302e1512/Images/Documentation/LDAP_NewUserToggle.png)

#### *Create new users in Nexudus if they don't exist* **OFF**

Users trying to log in using their directory credentials (email + password) will only be able to access the Members Portal if they already have a customer account in Nexudus.

**Example** *A user has the following directory credentials:*

*email* - **name@example.com** *password* - example123

*If the user trying to log in to the Members Portal using these directory credentials doesn't already have a customer account in Nexudus with **name@example.com** as their email address, they won't be able to log in.*

The user's email address in Nexudus must match their email address in the directory.

#### *Create new users in Nexudus if they don't exist* **ON**

Users trying to log in to the Members Portal using their directory credentials (name/email + password) will be able to log in to the Members Portal, whether or not they already have a customer account in Nexudus.

If they happen to not have a customer account yet, Nexudus will automatically create a customer account (contact) for them using their username and email address from the directory.

**Example**

*A user has the following directory credentials:*

*name* - **Customer Name** *email* - **customername@example.com** *password* - example123

*When they try to log in to the Members Portal using these directory credentials, Nexudus will check if they already have a customer account.*

*If they don't have a customer account yet, Nexudus will create an account for them with **Customer Name** as their name and **customername@example.com** as their email address.*

When the *Create new users in Nexudus if they don't exist* toggle is ON, any user with valid directory credentials will technically be able to log in to the Members Portal, as long as they are in the container you have specified in the **Search pattern** field below.

Customers created via the integration will never receive a welcome email with Nexudus credentials.

## Enabling the LDAP Integration

1. Log in to [dashboard.nexudus.com](https://dashboard.nexudus.com/) if you aren't already.
2. Click **Settings > Integrations > LDAP**.
3. Enable the **LDAP integration** toggle.
4. Enable the **Create new users if they don't exist** toggle if you want to register directory users who don't have a Nexudus account as contacts.
5. Add your directory's public IP in the **Server IP/host** field.
6. Add your directory's server public port in the **Server Port** field.
7. Add the full path of the user you want to use to connect to your LDAP server in the **Bind expression** field.

   This path must match a single user in your directory with at least read and search permissions for all users you would like to be able to authenticate.

   *For example, "CN=read-only-admin,ou=Users,dc=example,dc=com".*

8. Add the path to the container holding the users to authenticate in the **Search expression** field.

   *For example, "dc=example,dc=com".*

   Nexudus will try to locate a user in this container by performing an LDAP search using the **"({mail_attribute_name}={email})"** search string.

9. Add the password for the user above in the **Password** field.
10. Add the name of your directory's *FullName attribute* in the **Full name attribute name** field.

    *This defaults to **cn** as it is the most common value.*

11. Add the name of your directory's *Email attribute* in the **Email attribute name** field.

    *This defaults to **email** as it is the most common value.*

    *This value will be used as the **{mail_attribute_name}** variable when Nexudus does an LDAP search.*

12. Click the **Save Changes** button.

You've successfully enabled the LDAP integration. We recommend you test the integration by trying to log in to your Members Portal using some directory user credentials.
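Before testing a login, you can check offline which directory entries the settings above would actually reach. The following is an added example, not Nexudus code: it builds the `({mail_attribute_name}={email})` search string and shows how the choice of search container changes who is in scope. The function names, the sample entries, the `mail` attribute name, the RFC 4515 escaping and the simplification that DNs contain no escaped commas are all assumptions of this example.

```python
# Added example: offline pre-flight check for the LDAP settings on this page.
# All entries are constructed samples; DNs are assumed to have no escaped commas.

def escape_filter_value(value):
    """Escape the characters RFC 4515 reserves inside a filter value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_filter(mail_attribute_name, email):
    """The search string from this page, ({mail_attribute_name}={email})."""
    return "(%s=%s)" % (mail_attribute_name, escape_filter_value(email))

def in_container(dn, search_base):
    """True if dn is the search container itself or sits beneath it."""
    d = [p.strip().lower() for p in dn.split(",")]
    b = [p.strip().lower() for p in search_base.split(",")]
    return len(d) >= len(b) and d[-len(b):] == b

def audit(entries, search_base, mail_attr="email"):
    """Sort entries by whether an email search in search_base can find them."""
    report = {"ok": [], "outside_container": [], "missing_email": []}
    for dn, attrs in entries:
        attrs = {k.lower(): v for k, v in attrs.items()}
        if not in_container(dn, search_base):
            report["outside_container"].append(dn)
        elif not attrs.get(mail_attr.lower(), "").strip():
            report["missing_email"].append(dn)
        else:
            report["ok"].append(dn)
    return report

# Constructed sample directory (this one stores addresses in "mail").
MEMBER = "cn=Customer Name,ou=Members,dc=example,dc=com"
NO_MAIL = "cn=No Mail,ou=Members,dc=example,dc=com"
ADMIN = "CN=read-only-admin,ou=Users,dc=example,dc=com"
ENTRIES = [
    (MEMBER, {"cn": "Customer Name", "mail": "customername@example.com"}),
    (NO_MAIL, {"cn": "No Mail"}),
    (ADMIN, {"cn": "read-only-admin", "mail": "admin@example.com"}),
]

if __name__ == "__main__":
    print(build_filter("mail", "customername@example.com"))
    # A broad container reaches every account with an email, the bind user included.
    print(audit(ENTRIES, "dc=example,dc=com", mail_attr="mail"))
    # A narrower container limits who can log in (or be auto-created).
    print(audit(ENTRIES, "ou=Members,dc=example,dc=com", mail_attr="mail"))
```

With the *Create new users in Nexudus if they don't exist* toggle ON, every entry listed under `ok` could get a customer account, so the narrower container is the safer setting when only some directory users should reach the Members Portal.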

## IP Whitelisting

    
Connections to your LDAP directory server will always originate from one of the following IPs. 

- **54.154.122.253**
- **3.250.12.187**
- **3.250.115.120**
- **34.244.119.216**
- **54.75.93.166**
- **52.18.33.224**

While Nexudus will always connect to your directory server over **TLS 1.1** or **1.2**, we strongly recommend you set your network policies to only allow connections from the IPs listed above.
