Carerix can use an LDAP server to verify the credentials of a user.
- Go to 'Maintenance' | 'Settings'
- Go to block LDAP (Lightweight Directory Access Protocol)
These settings are read only and can only be set by Carerix consultants.
Currently the LDAP integration has only been tested for Microsoft Active Directory servers.
- useLDAP: indication (YES/NO) whether LDAP is used
- ldapServer: the server that holds the LDAP directory
- ldapPort: the port to be used to connect to the server (by default this is 389)
- ldapUser: the user to log in to the LDAP server with, who is allowed to fetch user information
- ldapPassword: the password belonging to the ldapUser (this setting is not visible on the settings page)
- ldapBaseDN: the base DN to use when fetching user information (for example dc=carerix,dc=com)
- ldapDomain: the domain of the users on the LDAP server (for example carerix.com)
- ldapMapping: the mapping of LDAP attributes to Carerix attributes, in the form of: ldapAttribute:carerixAttribute. Multiple lines (separated by newline) are possible.
When these settings are supplied, and the useLDAP setting is set to YES, LDAP is used for verifying the credentials of users with user roles >= 20 (so not contacts or candidates) as follows:
- First the user record is fetched from the Carerix database using the supplied user name from the login panel. If it is not found, access is denied. So for each LDAP user, a Carerix user also needs to be created.
- When the user record is found, a call to our LDAP service is made, using the settings and passing the user name and password from the login panel.
This service will connect to the LDAP server and verify the user and password. If ok, it will return a JSON with the user information, otherwise it will return success=false.
- When verification is successful, the user information is parsed by Carerix and the attributes that are defined in the ldapMapping setting are used to update the Carerix user record.
- After that, the user is allowed access to Carerix.
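The flow above as an added sketch (not Carerix code): it parses an ldapMapping value, denies access when no Carerix user exists or when the service reply is anything other than success=true, and only then applies the mapped attributes. Assumptions: the reply carries the user information under a "user" key, the Carerix attribute names emailAddress and firstName, and all function names and the stub service are hypothetical.

```python
import json

# Constructed sample ldapMapping value; the Carerix attribute names are assumptions.
SAMPLE_MAPPING = "mail:emailAddress\ngivenName:firstName\n"

def parse_ldap_mapping(text):
    """Parse newline-separated 'ldapAttribute:carerixAttribute' lines into a dict."""
    mapping = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ldap_attr, sep, crx_attr = (p.strip() for p in line.partition(":"))
        if not (sep and ldap_attr and crx_attr):
            raise ValueError(f"malformed ldapMapping line: {line!r}")
        mapping[ldap_attr] = crx_attr
    return mapping

def fake_ldap_service(username, password):
    """Stand-in for the LDAP service; the reply shape beyond 'success' is assumed."""
    if (username, password) != ("jdoe", "correct-horse"):
        return json.dumps({"success": False})
    user = {"mail": "jdoe@carerix.com", "givenName": "Jane"}
    return json.dumps({"success": True, "user": user})

def login(username, password, users, mapping, verify):
    """Return True only when every step of the described flow succeeds."""
    record = users.get(username)
    if record is None:
        return False  # no Carerix user: deny without contacting the service
    try:
        reply = json.loads(verify(username, password))
    except (ValueError, TypeError):
        return False  # unparseable reply is treated as a failed verification
    if not isinstance(reply, dict) or reply.get("success") is not True:
        return False
    info = reply.get("user")
    if isinstance(info, dict):
        # Copy only the attributes named in ldapMapping; ignore everything else.
        for ldap_attr, crx_attr in mapping.items():
            if ldap_attr in info:
                record[crx_attr] = info[ldap_attr]
    return True
```

Because only mapped attributes are copied, a reply cannot overwrite Carerix fields that the mapping does not name.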
When the useLDAP setting is set to YES, the following changes to the user interface are made:
- The password fields for the users are removed
- The link "Password forgotten" is removed from the Login panel
- The password expiry functionality is disabled
- The autologin feature is disabled
Keyword : UD-1037