LDAP Settings
Overview
LDAP Settings – Business Overview
LDAP Settings is a system-level document used to connect Dafater with your organization’s central employee directory. This allows employees to use their existing corporate usernames and passwords to access Dafater, instead of managing separate login credentials.
From a business perspective, LDAP Settings helps standardize user access, strengthen security, and reduce administrative effort related to user account management.
What LDAP Settings Is Used for in Business Operations
LDAP Settings is used to:
- Enable single, centralized login for employees using the company’s existing directory
- Reduce the need for creating and maintaining separate user accounts in Dafater
- Ensure only authorized employees can access Dafater
- Support company-wide security and compliance policies
In short, it aligns Dafater’s user access with your organization’s official employee records.
Prerequisites and Setup Requirements
Before using LDAP Settings, the business should ensure:
- The organization already uses a central employee directory (commonly managed by IT)
- Employee records in the directory are up to date and actively maintained
- IT and security teams have given internal approval to connect Dafater to the directory
- Clear policies define who should have access to Dafater and at what level
LDAP Settings is usually configured once during initial setup and reviewed periodically.
Typical Workflow and Business Fit
Initial Setup
- IT or system administrators define how Dafater should recognize employees from the company directory using LDAP Settings.
Employee Login
- Employees sign in to Dafater using their regular company credentials.
- No separate password is required for Dafater.
Ongoing User Management
- When an employee joins, changes roles, or leaves the company, access to Dafater is automatically aligned with the central directory.
- This reduces manual intervention by HR or administrators.
Periodic Review
- LDAP Settings are reviewed during audits, security reviews, or major organizational changes.
This workflow ensures smooth integration between Dafater and the organization’s people management processes.
Key Business Scenarios Where LDAP Settings Is Essential
- Medium to large organizations with many employees
- Companies with frequent hiring, transfers, or exits
- Organizations with strict security and compliance requirements
- Businesses aiming to reduce helpdesk requests related to password resets
- Enterprises using Dafater across multiple departments or locations
In these scenarios, LDAP Settings ensures controlled, scalable, and secure access.
Important Considerations for Users
- LDAP Settings is a system-level document and should be managed carefully
- Changes can affect all users’ ability to log in
- Coordination with IT and security teams is critical before making updates
- Proper testing is recommended before applying changes in live operations
- If the central directory is unavailable, login access may be affected
Business Value Summary
LDAP Settings helps organizations:
- Improve security and compliance
- Reduce administrative workload
- Simplify employee access to Dafater
- Maintain consistency between HR records and system access
It is a foundational document for organizations that want Dafater to operate as part of a broader, well-governed digital workplace.
Basic Information
- Module: Integrations
- Document Type: System
- Type: Single (Configuration)
Fields
| Field Name | Label | Type | Required | Options | Description |
|---|---|---|---|---|---|
| enabled | Enabled | Check | | - | Enable or disable LDAP authentication integration in Dafater |
| ldapdirectoryserver | Directory Server | Select | ✓ | , Active Directory, OpenLDAP, Custom | Select directory server type used for authentication |
| ldapserverurl | LDAP Server Url | Data | ✓ | - | LDAP server connection URL for directory access |
| base_dn | Base Distinguished Name (DN) | Data | ✓ | - | Base distinguished name for LDAP directory searches |
| password | Password for Base DN | Password | ✓ | - | Password for authenticating base distinguished name |
| ldapsearchpath_user | LDAP search path for Users | Data | ✓ | - | LDAP path where user records are searched |
| ldapsearchstring | LDAP Search String | Data | ✓ | - | Search filter to identify users in LDAP |
| ldapsearchpath_group | LDAP search path for Groups | Data | ✓ | - | LDAP path where group records are searched |
| ldapemailfield | LDAP Email Field | Data | ✓ | - | LDAP attribute mapped to user email address |
| ldapusernamefield | LDAP Username Field | Data | ✓ | - | LDAP attribute mapped to Dafater username |
| ldapfirstname_field | LDAP First Name Field | Data | ✓ | - | LDAP attribute mapped to user first name |
| donotcreatenewuser | Do Not Create New User | Check | | - | Prevent automatic creation of new Dafater users |
| ldapmiddlename_field | LDAP Middle Name Field | Data | | - | LDAP attribute mapped to user middle name |
| ldaplastname_field | LDAP Last Name Field | Data | | - | LDAP attribute mapped to user last name |
| ldapphonefield | LDAP Phone Field | Data | | - | LDAP attribute mapped to user phone number |
| ldapmobilefield | LDAP Mobile Field | Data | | - | LDAP attribute mapped to user mobile number |
| ssltlsmode | SSL/TLS Mode | Select | | Off, StartTLS | Define SSL or StartTLS usage for LDAP connection |
| requiretrustedcertificate | Require Trusted Certificate | Select | ✓ | No, Yes | Enforce trusted certificates for secure LDAP connections |
| localprivatekey_file | Path to private Key File | Data | | - | File path to local private key |
| localservercertificate_file | Path to Server Certificate | Data | | - | File path to local server certificate |
| localcacerts_file | Path to CA Certs File | Data | | - | File path to certificate authority certificates |
| ldapgroupobjectclass | Group Object Class | Data | | - | LDAP object class used to identify groups |
| ldapcustomgroup_search | Custom Group Search | Data | | - | Custom LDAP query for retrieving groups |
| ldapgroupmember_attribute | LDAP Group Member attribute | Data | | - | LDAP attribute defining group membership |
| defaultusertype | Default User Type | Link | ✓ | User Type | Default Dafater user type for LDAP users |
| default_role | Default User Role | Link | | Role | Default role assigned to newly synced users |
| ldap_groups | LDAP Group Mappings | Table | | LDAP Group Mapping | Map LDAP groups to Dafater roles |
| ldapgroupfield | LDAP Group Field | Data | | - | LDAP attribute containing group name or identifier |
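
Added example (not Dafater's own code): a Python check over the transport and role fields in the table above that flags the values which weaken directory authentication. It assumes the record is available as a dict keyed by the field names as printed on this page and that an ldaps:// URL means TLS from the start of the connection; the sample records are constructed.

```python
from urllib.parse import urlparse

PRIVILEGED_ROLES = {"System Manager"}  # role this page lists with write access

def audit_ldap_settings(doc):
    """Return (field, finding) pairs for weak values in an LDAP Settings record.
    `doc` is a dict keyed by the field names in the table above (assumed shape)."""
    findings = []
    if not doc.get("enabled"):
        return findings  # integration disabled: nothing is sent to the directory
    scheme = urlparse(doc.get("ldapserverurl") or "").scheme.lower()
    starttls = doc.get("ssltlsmode") == "StartTLS"
    if scheme not in ("ldap", "ldaps"):
        findings.append(("ldapserverurl", "scheme is not ldap:// or ldaps://"))
    elif scheme == "ldap" and not starttls:
        findings.append(("ssltlsmode", "ldap:// with SSL/TLS Mode Off sends "
                         "the bind password and user passwords in clear text"))
    elif doc.get("requiretrustedcertificate") != "Yes":
        findings.append(("requiretrustedcertificate", "TLS without certificate "
                         "validation does not authenticate the directory server"))
    # Per the field descriptions, newly created users receive default_role.
    if not doc.get("donotcreatenewuser") and doc.get("default_role") in PRIVILEGED_ROLES:
        findings.append(("default_role", "auto-created users get a privileged role"))
    for row in doc.get("ldap_groups") or []:
        if row.get("dafater_role") in PRIVILEGED_ROLES:
            findings.append(("ldap_groups", f"group {row.get('ldap_group')!r} maps "
                             f"to {row['dafater_role']}: review its membership"))
    return findings

# Constructed sample records (hosts, paths and the "Sales User" role are made up).
WEAK = {
    "enabled": 1, "ldapserverurl": "ldap://dc1.example.internal:389",
    "ssltlsmode": "Off", "requiretrustedcertificate": "No",
    "donotcreatenewuser": 0, "default_role": "System Manager",
    "ldap_groups": [{"ldap_group": "Domain Users", "dafater_role": "System Manager"}],
}
HARDENED = {
    "enabled": 1, "ldapserverurl": "ldap://dc1.example.internal:389",
    "ssltlsmode": "StartTLS", "requiretrustedcertificate": "Yes",
    "localcacerts_file": "/etc/ssl/certs/corp-ca.pem",
    "donotcreatenewuser": 1, "default_role": "Sales User",
    "ldap_groups": [{"ldap_group": "dafater-sales", "dafater_role": "Sales User"}],
}

if __name__ == "__main__":
    for name, record in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_ldap_settings(record))
```
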
Child Tables
LDAP Group Mappings (LDAP Group Mapping)
| Field Name | Label | Type | Required | Options | Description |
|---|---|---|---|---|---|
| ldap_group | LDAP Group | Data | ✓ | - | External LDAP group name used for authentication mapping in Dafater |
| dafater_role | User Role | Link | ✓ | Role | Dafater role assigned to users belonging to this LDAP group |
Permissions
| Role | Read | Write | Create | Delete | Submit | Cancel |
|---|---|---|---|---|---|---|
| System Manager | ✓ | ✓ | ✓ | ✓ | | |
Related DocTypes
| DocType | Relationship | Module |
|---|---|---|
| Role | Links to | Core |
| User Type | Links to | Core |