This guide provides detailed instructions on setting up LDAP (Lightweight Directory Access Protocol) integration with Next Plus and mapping user roles from Active Directory (AD) groups.
Overview
LDAP centralizes user management and authentication, and improves security by maintaining a consistent directory service across your organization. Integrating LDAP with Next Plus ensures unified user management, streamlined access control, and reduced administrative overhead.
Access LDAP configuration via Settings → Security → Authentication → LDAP.
LDAP Configuration
General Settings
Enabled: Activate or deactivate LDAP authentication.
Domain Controllers: List IP addresses or hostnames for LDAP servers (multiple entries allowed for redundancy).
Port: Typically 389 (unencrypted/STARTTLS) or 636 (LDAPS).
Encryption: Select between LDAPS (recommended) or None.
Allow Self Signed Certificate: Enable only in test environments that use self-signed certificates; with it enabled, the LDAP server's certificate is not validated against a trusted CA.
Base Configuration
Base DN: Root DN to start LDAP searches (e.g., dc=domain,dc=com).
Default Email Domain: Appended to usernames lacking an email attribute (e.g., company.com).
Authentication
Service Account Username: LDAP account with read permissions (e.g., [email protected]).
Service Account Password: Password for the service account.
Attribute Mapping
Map LDAP attributes to Next Plus user fields:
Username: sAMAccountName
Display Name: displayName
Email: mail
First Name: givenName
Last Name: sn
Groups: memberOf
Active Directory Role Mapping
Roles in Next Plus control user permissions and activities within the application. AD integration allows these roles to be mapped directly to AD groups, ensuring seamless permission management.
| Next Plus Role | Description | Typical AD Group Members |
| --- | --- | --- |
| Sysadmin | Unrestricted system-wide access | IT/IS teams managing full system setup and oversight |
| Admin | User account and system settings management | IT/IS teams managing user permissions and policies |
| Editor | Content, forms, workflow creation, and management | Engineering, R&D, technical writers, SOP managers |
| Operator | Daily operational tasks and data entry | Front-line workers, production managers, QC staff |
| Viewer | Read-only access for reports and SOPs | Auditors, managers, executives |
Refer to the User Permission Levels Guide for detailed role descriptions.
Role and Group Mapping
Role Mapping: Assign Next Plus roles based on LDAP/AD group memberships.
Group Mapping: Align Next Plus internal groups with LDAP/AD groups to streamline user organization and permissions.
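As an added worked example (not Next Plus code or the product's own logic), the following Python applies the attribute mapping above and an assumed AD-group-to-role mapping to a constructed directory entry. The Default Email Domain value, the group DNs and the role precedence are assumptions; a real deployment obtains the entry from the directory using the service account.

```python
# Added illustration, not Next Plus code: apply the guide's attribute mapping and an
# assumed AD-group-to-role mapping to a constructed directory entry.
DEFAULT_EMAIL_DOMAIN = "company.com"  # assumed "Default Email Domain" setting

# LDAP attribute -> Next Plus user field, exactly as listed under Attribute Mapping.
ATTRIBUTE_MAP = {"sAMAccountName": "username", "displayName": "display_name",
                 "mail": "email", "givenName": "first_name", "sn": "last_name",
                 "memberOf": "groups"}

# Assumed role mapping (AD group DN -> Next Plus role) and privilege order.
ROLE_MAP = {
    "cn=nextplus-sysadmins,ou=groups,dc=domain,dc=com": "Sysadmin",
    "cn=nextplus-admins,ou=groups,dc=domain,dc=com": "Admin",
    "cn=engineering,ou=groups,dc=domain,dc=com": "Editor",
    "cn=production,ou=groups,dc=domain,dc=com": "Operator",
    "cn=all-staff,ou=groups,dc=domain,dc=com": "Viewer",
}
ROLE_RANK = {"Viewer": 1, "Operator": 2, "Editor": 3, "Admin": 4, "Sysadmin": 5}


def normalize_dn(dn):
    """AD DNs compare case-insensitively; normalize case and spacing before matching."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def map_user(entry):
    """Build a Next Plus user record from a raw LDAP entry (attribute -> list of values)."""
    user = {}
    for ldap_attr, field in ATTRIBUTE_MAP.items():
        values = entry.get(ldap_attr, [])
        user[field] = list(values) if field == "groups" else (values[0] if values else None)
    # Default Email Domain applies only when the entry carries no mail attribute.
    if not user["email"] and user["username"]:
        user["email"] = f"{user['username']}@{DEFAULT_EMAIL_DOMAIN}"
    return user


def resolve_role(group_dns):
    """Highest-privilege mapped role among the user's groups, or None if none match."""
    lookup = {normalize_dn(dn): role for dn, role in ROLE_MAP.items()}
    roles = [lookup[g] for g in map(normalize_dn, group_dns) if g in lookup]
    return max(roles, key=ROLE_RANK.__getitem__) if roles else None


# Constructed sample entry (no mail attribute), not data from a real directory.
SAMPLE_ENTRY = {"sAMAccountName": ["jdoe"], "displayName": ["Jane Doe"],
                "givenName": ["Jane"], "sn": ["Doe"],
                "memberOf": ["CN=Engineering,OU=Groups,DC=domain,DC=com",
                             "CN=all-staff,OU=Groups,DC=domain,DC=com"]}
```

A user in several mapped groups receives the most privileged role, so review which groups map to Sysadmin and Admin whenever group membership changes.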
Synchronization Processes
Synchronization between LDAP/AD and Next Plus can be configured as follows:
Once Daily: Automatic daily sync ensures regular updates.
Upon Saving Settings: Immediate synchronization whenever LDAP settings change.
On User Sign-In: Updates user-specific information at login.
Saving and Testing
Click Save after configuring.
Test connections by logging in with LDAP/AD credentials.
Verify firewall/network settings for proper communication.
Additional Notes
Always verify LDAP/AD configurations thoroughly.
Decide clearly which source takes precedence when Next Plus data and directory data conflict.
Regularly review and test role/group mappings to maintain security and proper access.