LDAP Authentication

How to allow only users of particular AD groups to authenticate?

525 views December 27, 2017 July 9, 2018 miniOrange 0

This can be done using search filter in Ldap Configuration tab. Add memberOf attribute to your search filter in LDAP configuration tab to allow members of only specific groups to sign in.

For example,
If you have to allow users of only one group use:

(&(objectClass=*)(mail=?)(memberof=<distinguished name of the group here>))

If you have to allow users of multiple groups use:

(&(objectClass=*)(mail=?)(|(memberof=<distinguished name of the first group>)(memberof=<distinguished name of the second group>)))

Was this helpful?