Streamlining Login Process with Empress LDAP Setup

Introduction

Welcome to your guide on setting up the Lightweight Directory Access Protocol (LDAP) feature on Empress. This feature allows you to streamline your login process by using your existing LDAP credentials, simplifying user management and enhancing security for your business operations.

LDAP is a protocol for accessing a centralized directory, which many businesses use to manage user credentials and access control. With Empress, you can incorporate your LDAP system for unified and secure sign-in to your accounts.

Preparing for Setup

Before you begin setting up LDAP, install the ldap3 Python module, which provides the LDAP functionality within Empress. Install it directly on the server that hosts the Empress instance: navigate to the frappe-bench directory and run the command ./env/bin/pip install ldap3 so that the module goes into the bench's own Python environment.

With this step completed, you’re ready to enable LDAP in Empress.

LDAP Setup

To set up LDAP, follow this path:

Home > Integrations > LDAP Settings

You’ll need to input several parameters to connect Empress to your LDAP system:

  • LDAP Server URL: This is the address of your LDAP server. It should appear as either ldap://yourserver:port or ldaps://yourserver:port.
  • Base Distinguished Name (DN): This is the unique identifier for a user who has the permission to access user details on your LDAP server.
  • Password for Base DN: This is the password for the above user.
  • Organization Unit of Users: This is the DN of the unit that all users in your LDAP server belong to.
  • Default Role on Creation: This is the role assigned to users when they first log in to Empress.
  • LDAP Search String: This field enables Empress to match the login input with the LDAP Server. It is formatted as: LDAPFIELD={0}.
  • LDAP Email Field: This field indicates the LDAP field containing the user’s email address.
  • LDAP Username Field: This field indicates the LDAP field containing the user’s username.
  • LDAP First Name Field: This field indicates the LDAP field containing the user’s first name.

You can also map your LDAP user fields to Empress user fields such as Middle Name, Phone, and Mobile.

After inputting these settings, enable the feature by checking the Enabled box. Empress will attempt a connection to your LDAP server to verify the settings. If the connection fails, an error message will be displayed.

Upon successful setup, the Login Via LDAP option becomes available on the login screen.

LDAP Security

Empress provides security options for your LDAP connection:

  • SSL/TLS Mode: This determines if a secure TLS session is initiated when connecting to the LDAP server.
  • Require Trusted Certificate: This indicates if a trusted certificate is necessary for the LDAP connection. If required, you’ll need to provide paths to your certificate files stored on your Empress server.
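
The settings from the LDAP Setup and LDAP Security sections can be checked before the Enabled box is ticked. The Python below is an added example, not Empress code: the dictionary keys, the StartTLS/Off mode values, the uid field and the ldap.example.test host are assumptions made for illustration. It also shows the login input being escaped per RFC 4515 before it replaces {0} in the search string, so the input is always treated as a literal value.

```python
from urllib.parse import urlparse

# RFC 4515 escapes for characters that have meaning inside an LDAP filter.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def build_search_filter(search_string: str, login: str) -> str:
    """Substitute the login input for {0}, escaped so it stays a literal value."""
    escaped = "".join(_ESCAPES.get(ch, ch) for ch in login)
    return search_string.replace("{0}", escaped)

def audit_ldap_settings(s: dict) -> list:
    """Return findings for a settings dict (keys are assumed names, not Empress fields)."""
    findings = []
    url = urlparse(s.get("server_url", ""))
    if url.scheme not in ("ldap", "ldaps") or not url.hostname:
        findings.append("server_url: expected ldap://host:port or ldaps://host:port")
    else:
        encrypted = url.scheme == "ldaps" or s.get("ssl_tls_mode") == "StartTLS"
        if not encrypted:
            # A simple bind over plain ldap:// exposes the bind and user passwords.
            findings.append("transport: ldap:// without StartTLS sends passwords in cleartext")
        elif not s.get("require_trusted_certificate"):
            findings.append("certificate: TLS without a trusted certificate does not verify the server")
        elif not s.get("ca_certs_file"):
            findings.append("certificate: trusted certificate required but no CA file path given")
    if s.get("search_string", "").count("{0}") != 1:
        findings.append("search_string: expected exactly one {0}, as in LDAPFIELD={0}")
    return findings

# Constructed sample settings; example.test is a reserved test domain.
WEAK = {
    "server_url": "ldap://ldap.example.test:389",
    "ssl_tls_mode": "Off",
    "require_trusted_certificate": False,
    "search_string": "uid",
}
HARDENED = {
    "server_url": "ldaps://ldap.example.test:636",
    "require_trusted_certificate": True,
    "ca_certs_file": "/path/to/ca.pem",  # placeholder path
    "search_string": "uid={0}",
}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_ldap_settings(cfg) or "no findings")
    print(build_search_filter(HARDENED["search_string"], "smith (ops)*"))
```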

LDAP Group Mappings

Empress can automatically map multiple LDAP groups to corresponding Empress roles. The LDAP Group Field should be set to memberOf to enable this feature. This ensures user permissions are updated each time a user logs in.

In conclusion, LDAP integration in Empress enhances your business processes by streamlining user management and improving your security framework. For additional support or resources, reach out to the Empress support team or visit our FAQ section.