LDAP Integration
Overview
You can integrate the QueryPie service with an LDAP server for user authentication and user and group management.
Setting Up LDAP Integration and Synchronization in QueryPie
Navigate to Administrator > General > User Management > Authentication. From the Authentication Type field, select LDAP to enter the necessary settings for LDAP integration.
Warning
Once the authentication type is selected and users are synchronized, it is not possible to change the authentication type. To change the authentication method, please contact us through the Customer Portal.
Enter the authentication information and attribute details required for LDAP integration.
For attribute mapping, the field name refers to the QueryPie user attribute, while the value should be the attribute name referenced from LDAP.
Please refer to the LDAP Authentication & User Attribute Mapping Information section below for each field.
Use Group: To synchronize user group information and affiliation from LDAP, enable the Use Group option and enter the required information. Please refer to the LDAP Group Attribute Mappings section below for further details.
Anonymous: Set whether anonymous user authentication is allowed (True or False).
Use Synchronization with the Authentication System: Enable this option to initiate user information synchronization from the LDAP server.
Replication Frequency: Set whether to enable automatic synchronization.
Manual: Synchronization is performed only manually. User information is retrieved from the LDAP server only when the
Synchronize
button is clicked on the current page.Scheduling: Synchronization is performed periodically. The Use cron expression field is activated.
Additional Settings: Enter additional settings related to synchronization.
Make New Users Inactive by Default: Choose whether to add new users as inactive during synchronization.
If there are many users to synchronize, or if you wish to manage user access to QueryPie through individual LDAP authentication, enable this option.
Use an Attribute for Privilege Revoke: Choose whether to revoke privileges based on a specific attribute during synchronization.
If you want to automatically revoke DAC privileges based on changes to a specific LDAP attribute, enable this option.
Enter the name of the attribute to monitor for changes in the LDAP Attribute input field.
Clicking the Dry Run
button allows you to preview the results of synchronization based on the currently entered settings (without saving the entered information).
Clicking the Save Changes
button saves the entered settings to QueryPie.
Clicking the Synchronize
button performs synchronization based on the currently entered settings (this button is activated only after the settings have been saved).
Clicking the button allows you to view the previous synchronization history.
If there are any failures during individual synchronization, the Progress Bar will be displayed in yellow.
Failed logs are indicated by an icon. Click the icon to view detailed error messages.
Notice
Users and groups support one-way synchronization from LDAP to QueryPie. Synced users and groups cannot be modified or deleted within QueryPie.
Starting from version 10.2.1, user synchronization has been improved to process users and groups individually.
LDAP Authentication & User Attribute Mapping Information
The following is a list of authentication information and attribute details required for synchronizing user information from LDAP.
Attribute | Required | Description |
---|---|---|
Server URL | Required | Enter the URL value of the LDAP server you want to set up.
|
Bind DN | Required | Enter a Bind DN for LDAP server authentication.
|
Password | Required | Enter the password for LDAP server authentication. |
User Base DN | Required | Enter the Base DN value for the LDAP server's users
|
User Search Filter | Required | Enter the filter value to retrieve users.
|
Username (Formerly User ID) | Required | Enter the LDAP attribute to be used as the user's login ID.
|
Email (Formerly User Email) | Required | Enter the LDAP attribute to be used as the user's email.
|
Display Name | Optional | Enter the LDAP attribute to be used as the user's name.
|
LDAP Group Attribute Mappings
To synchronize user group information and affiliation from LDAP, enable the Use Group option and enter the following information.
Attribute | Required | Description |
---|---|---|
Group Base DN | Required | Enter the group Base DN value for the LDAP server.
|
Group Search Filter | Required | Enter the filter value to retrieve groups.
|
Membership Type | Required | If the group information is included in the user entries, select
|
If the user information is included in the group entries, select
| ||
Group ID | Required | Enter the attribute value to be used as the group identifier.
|
Login with LDAP Authentication in QueryPie
Navigate to the Administrator > General > User Management > Users or Groups menu to view the synchronized users and groups.
You can now log in by entering the LDAP authentication information in the ID and Password fields on the login page.