Skip to main content
Skip table of contents

LDAP authentication


  • Name – An internal name used for identifying the particular authentication provider configuration

  • Domains  The domain names of the LDAP server. If not strict domain and the user is trying to authenticate without entering a domain in the credentials, SAFEQ Cloud will attempt to authenticate with all the domains in the list (in the order they are defined).

    Specifying the correct domain name is especially important if using the Strict domain validation feature as it is otherwise not possible to detect to which domain a user belongs.

  • Priority – A number that determines the order in which authentication providers will be called until one succeeds. Higher-priority providers will be called first.

  • Active If enabled, this authentication provider will be used for authentication. If disabled, this authentication provider will not be searched.

  • Base DN The point in the LDAP where searching will begin. Will apply to both user and group searching, if Group Base DN is empty.
  • Group Base DN Possible to specify another starting point for LDAP searching for groups. If omitted, the Base DN is used for group search.
  • Server name The actual address (DNS, hostname or IP) of the LDAP server to which SAFEQ Cloud Authentication Service will connect to search.
  • Port Port used for the LDAP service, typically 389 for non-SSL and 636 for SSL.
  • Username Username used to connect and search in the LDAP.
  • Password Password used to connect and search in the LDAP.
  • OUs or groups Choose how to identify groups, for access control management, default is “Groups”.
  • Bind type Whether to bind with Plain connection, MD5 digest, or Kerberos.
  • Enable SSL Whether connection to LDAP should use SSL encryption.
  • Custom attributes Expand custom attributes to change the LDAP attributes in which username, card ID’s, ShortID’s and similar are stored.

When using the Strict domain validation feature, make sure to set the Login attribute to userPrincipalName.

Service Which Authentication Service will communicate to this LDAP server. If no service is created, it can be added using the Add button.

Note. If you have multiple Active Directory servers, point authentication to the primary domain.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close