LDAP Authentication

How to allow only users of particular AD groups to authenticate?

1039 views July 9, 2018 4

This can be done using search filter in Ldap Configuration tab. Add memberOf attribute to your search filter in LDAP configuration tab to allow members of only specific groups to sign in.

For example,
If you have to allow users of only one group use:

(&(objectClass=*)(mail=?)(memberof=<distinguished name of the group here>))

If you have to allow users of multiple groups use:

(&(objectClass=*)(mail=?)(|(memberof=<distinguished name of the first group>)(memberof=<distinguished name of the second group>)))

Was this helpful?