LDAP server settings
- Updated on 04 Sep 2024
Lightweight Directory Access Protocol (LDAP) is a way of pulling user information from an external directory (such as Active Directory) into your Totara site. You can configure the following settings when setting up LDAP authentication on Totara.
Setting | Description | Notes |
---|---|---|
LDAP server settings | Establish the basic parameters for the LDAP server itself, including host URL, version (of the protocol being used), and LDAP encoding. | - |
Bind settings | These settings will allow the LDAP server to complete its bind operations, which authenticate clients and establish an authorised identity it can use for subsequent processes on the connection. In this case LDAP will be authorising your Totara site to access the directory information. | - |
User lookup settings | Determine how your site will interact with the directory LDAP is pointing to. You can set the user type and the context, among other settings. | - |
Force change password | Decide if you want users to change their password when they first log in to Totara, and configure the related parameters, such as password format. | - |
LDAP password expiration settings | You can choose whether to have Totara check if an LDAP password has expired, and warn users before the LDAP password expiration. If you use LDAP with other systems then you may wish to do this elsewhere. | - |
Enable user creation | These settings can be used to allow anonymous new users to self-create accounts on the LDAP server. | - |
System role mapping | Set up mappings for Totara roles when creating accounts through LDAP. | - |
User account synchronisation | Specify what to do with internal user accounts if you run a mass synchronisation and the account was removed from the external sources. | - |
NTLM SSO | If you wish to use NTLM authentication then you can enable and configure it. NTLM authentication uses MS Active Directory to authenticate users based on the credentials stored on their Windows client computer, rather than prompting for login details. | - |
Data mapping | Configure how data for various fields should be mapped across Totara and the external system. | - |