Skip to main content
Skip table of contents

LDAP Integration

Overview

You can integrate the QueryPie service with an LDAP server for user authentication and user and group management.

Setting Up LDAP Integration and Synchronization in QueryPie

Navigate to Administrator > General > User Management > Authentication. From the Authentication Type field, select LDAP to enter the necessary settings for LDAP integration.

Warning

Once the authentication type is selected and users are synchronized, it is not possible to change the authentication type. To change the authentication method, please contact us through the Customer Portal.

image-20240723-063144.png

Administrator > General > User Management > Authentication > LDAP

  1. Enter the authentication information and attribute details required for LDAP integration.

    1. For attribute mapping, the field name refers to the QueryPie user attribute, while the value should be the attribute name referenced from LDAP.

    2. Please refer to the LDAP Authentication & User Attribute Mapping Information section below for each field.

  2. Use Group: To synchronize user group information and affiliation from LDAP, enable the Use Group option and enter the required information. Please refer to the LDAP Group Attribute Mappings section below for further details.

  3. Anonymous: Set whether anonymous user authentication is allowed (True or False).

  4. Use Synchronization with the Authentication System: Enable this option to initiate user information synchronization from the LDAP server.

    스크린샷 2024-12-09 오후 9.37.14.png

    Administrator > General > User Management > Authentication > LDAP > Use Synchronization with the Authentication System

    1. Replication Frequency: Set whether to enable automatic synchronization.

      1. Manual: Synchronization is performed only manually. User information is retrieved from the LDAP server only when the Synchronize button is clicked on the current page.

      2. Scheduling: Synchronization is performed periodically. The Use cron expression field is activated.

    2. Additional Settings: Enter additional settings related to synchronization.

      1. Make New Users Inactive by Default: Choose whether to add new users as inactive during synchronization.

        • If there are many users to synchronize, or if you wish to manage user access to QueryPie through individual LDAP authentication, enable this option.

      2. Use an Attribute for Privilege Revoke: Choose whether to revoke privileges based on a specific attribute during synchronization.

        • If you want to automatically revoke DAC privileges based on changes to a specific LDAP attribute, enable this option.

        • Enter the name of the attribute to monitor for changes in the LDAP Attribute input field.

Clicking the Dry Run button allows you to preview the results of synchronization based on the currently entered settings (without saving the entered information).

Clicking the Save Changes button saves the entered settings to QueryPie.

Clicking the Synchronize button performs synchronization based on the currently entered settings (this button is activated only after the settings have been saved).

Clicking the image-20241209-124345.pngbutton allows you to view the previous synchronization history.

  • If there are any failures during individual synchronization, the Progress Bar will be displayed in yellow.

  • Failed logs are indicated by an (오류) icon. Click the icon to view detailed error messages.

Notice

  • Users and groups support one-way synchronization from LDAP to QueryPie. Synced users and groups cannot be modified or deleted within QueryPie.

  • Starting from version 10.2.1, user synchronization has been improved to process users and groups individually.

LDAP Authentication & User Attribute Mapping Information

The following is a list of authentication information and attribute details required for synchronizing user information from LDAP.

Attribute

Required

Description

Server URL

Required

Enter the URL value of the LDAP server you want to set up.

  • ex. ldaps://ldap.example.com

Bind DN

Required

Enter a Bind DN for LDAP server authentication.

  • ex. cn=admin,dc=Idap,dc=querypie,dc=io

Password

Required

Enter the password for LDAP server authentication.

User Base DN

Required

Enter the Base DN value for the LDAP server's users

  • ex. dc=example, dc=com

User Search Filter

Required

Enter the filter value to retrieve users.

  • ex. objectclass=inetOrgPerson

Username (Formerly User ID)

Required

Enter the LDAP attribute to be used as the user's login ID.

  • Synchronization will fail if duplicate or empty values are found.

  • ex. uid, cn

Email (Formerly User Email)

Required

Enter the LDAP attribute to be used as the user's email.

  • Synchronization will fail if duplicate or empty values are found.

  • ex. mail

Display Name

Optional

Enter the LDAP attribute to be used as the user's name.

  • If the field is blank, the system will retrieve the value by searching in the order of displayName → cn.

  • If a value is entered in the field, the system will retrieve the value from the specified attribute.

    • Duplicates are allowed.

    • Synchronization will fail if empty values are found.

LDAP Group Attribute Mappings

To synchronize user group information and affiliation from LDAP, enable the Use Group option and enter the following information.

Attribute

Required

Description

Group Base DN

Required

Enter the group Base DN value for the LDAP server.

  • ex. dc=example, dc=com

Group Search Filter

Required

Enter the filter value to retrieve groups.

  • ex. objectclass=posixGroup

Membership Type

Required

If the group information is included in the user entries, select Include group information in user entries and enter the reference attribute in the field below.

  • ex. member, uniqueMember, memberUid

If the user information is included in the group entries, select Include user information in group entries and enter the reference attribute in the field below.

  • ex. gIdNumber

Group ID

Required

Enter the attribute value to be used as the group identifier.

  • ex. gidnumber

Login with LDAP Authentication in QueryPie

  1. Navigate to the Administrator > General > User Management > Users or Groups menu to view the synchronized users and groups.

    스크린샷 2024-12-09 오후 9.59.40.png

    Admin > General > User Management > Users

  1. You can now log in by entering the LDAP authentication information in the ID and Password fields on the login page.

image-20240723-063737.png

QueryPie Log In

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.