LDAP Authentication

How to allow only users of particular AD groups to authenticate?

99 views December 27, 2017 July 9, 2018 0

This can be done using search filter in Ldap Configuration tab. Add memberOf attribute to your search filter in LDAP configuration tab to allow members of only specific groups to sign in.

For example,
If you have to allow users of only one group use:

(&(objectClass=*)(mail=?)(memberof=<distinguished name of the group here>))

If you have to allow users of multiple groups use:

(&(objectClass=*)(mail=?)(|(memberof=<distinguished name of the first group>)(memberof=<distinguished name of the second group>)))

Was this helpful?