LDAP Connection Setup

This guide provides instructions on setting up LDAP integration with Next Plus and mapping user roles from Active Directory (AD).

Written by Asaf Cohen
Updated over a week ago

This guide provides detailed instructions on setting up LDAP (Lightweight Directory Access Protocol) integration with Next Plus and mapping user roles from Active Directory (AD) groups.

Overview

LDAP centralizes user management and authentication, and it enhances security by maintaining a consistent directory service across your organization. Integrating LDAP with Next Plus ensures unified user management, streamlined access control, and reduced administrative overhead.

Access LDAP configuration via Settings → Security → Authentication → LDAP.


LDAP Configuration

General Settings

  • Enabled: Activate or deactivate LDAP authentication.

  • Domain Controllers: List IP addresses or hostnames for LDAP servers (multiple entries allowed for redundancy).

  • Port: Typically 389 (unencrypted/STARTTLS) or 636 (LDAPS).

  • Encryption: Select either LDAPS (recommended) or None.

  • Allow Self Signed Certificate: Enable only for test environments with self-signed certificates.

Base Configuration

  • Base DN: Root DN to start LDAP searches (e.g., dc=domain,dc=com).

  • Default Email Domain: Appended to usernames lacking an email attribute (e.g., company.com).

Authentication

  • Service Account Username: LDAP account with read permissions (e.g., [email protected]).

  • Service Account Password: Password for the service account.

Attribute Mapping

Map LDAP attributes to Next Plus user fields:

  • Username: sAMAccountName

  • Display Name: displayName

  • Email: mail

  • First Name: givenName

  • Last Name: sn

  • Groups: memberOf


Active Directory Role Mapping

Roles in Next Plus control user permissions and activities within the application. AD integration allows these roles to be mapped directly to AD groups, ensuring seamless permission management.

| Next Plus Role | Description | Typical AD Group Members |
|---|---|---|
| Sysadmin | Unrestricted system-wide access | IT/IS teams managing full system setup and oversight |
| Admin | User account and system settings management | IT/IS teams managing user permissions and policies |
| Editor | Content, forms, workflow creation, and management | Engineering, R&D, technical writers, SOP managers |
| Operator | Daily operational tasks and data entry | Front-line workers, production managers, QC staff |
| Viewer | Read-only access for reports and SOPs | Auditors, managers, executives |

Refer to the User Permission Levels Guide for detailed role descriptions.


Role and Group Mapping

  • Role Mapping: Assign Next Plus roles based on LDAP/AD group memberships.

  • Group Mapping: Align Next Plus internal groups with LDAP/AD groups to streamline user organization and permissions.


Synchronization Processes

Synchronization between LDAP/AD and Next Plus can be configured as follows:

  • Once Daily: Automatic daily sync ensures regular updates.

  • Upon Saving Settings: Immediate synchronization whenever LDAP settings change.

  • On User Sign-In: Updates user-specific information at login.

Saving and Testing

  • Click Save after configuring.

  • Test connections by logging in with LDAP/AD credentials.

  • Verify firewall/network settings for proper communication.


Additional Notes

  • Always verify LDAP/AD configurations thoroughly.

  • Clearly define how conflicts between Next Plus data and directory data are resolved.

  • Regularly review and test role/group mappings to maintain security and proper access.
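
One way to carry out the mapping review described above, as an added example (not Next Plus code): it takes a role mapping and each user's direct memberOf values and lists who would receive Sysadmin or Admin, who matches more than one role, and who matches none. The data layout, the group names and the function names are assumptions; how Next Plus itself resolves multiple matches is not covered on this page, so the script only reports them.

```python
import re

# Role names from the table on this page, most privileged first.
ROLES = ["Sysadmin", "Admin", "Editor", "Operator", "Viewer"]
PRIVILEGED = {"Sysadmin", "Admin"}

def norm_dn(dn):
    # AD matches DNs case-insensitively; split on commas that are not escaped (\,).
    return ",".join(p.strip().lower() for p in re.split(r"(?<!\\),", dn))

def roles_for(member_of, role_map):
    """Roles matched by one user's direct memberOf values, most privileged first."""
    wanted = {norm_dn(g): role for g, role in role_map.items()}
    hits = {wanted[d] for d in map(norm_dn, member_of) if d in wanted}
    return sorted(hits, key=ROLES.index)

def audit(users, role_map):
    """Report privileged users, users matching several roles, and users with none."""
    unknown = sorted(set(role_map.values()) - set(ROLES))
    if unknown:
        raise ValueError(f"mapping uses unknown roles: {unknown}")
    out = {"privileged": [], "multiple_roles": [], "no_role": []}
    for name in sorted(users):
        roles = roles_for(users[name], role_map)
        if not roles:
            out["no_role"].append(name)
        elif roles[0] in PRIVILEGED:
            out["privileged"].append((name, roles[0]))
        if len(roles) > 1:
            out["multiple_roles"].append((name, roles))
    return out

# Constructed sample data (assumed format; group names are hypothetical).
ROLE_MAP = {
    "CN=NextPlus-Sysadmins,OU=Groups,DC=domain,DC=com": "Sysadmin",
    "CN=NextPlus-Editors,OU=Groups,DC=domain,DC=com": "Editor",
    "CN=NextPlus-Viewers,OU=Groups,DC=domain,DC=com": "Viewer",
}
USERS = {
    "alice": ["cn=nextplus-sysadmins,ou=groups,dc=domain,dc=com"],
    "bob": ["CN=NextPlus-Editors,OU=Groups,DC=domain,DC=com",
            "CN=NextPlus-Viewers,OU=Groups,DC=domain,DC=com"],
    "carol": ["CN=Finance,OU=Groups,DC=domain,DC=com"],
}

if __name__ == "__main__":
    for kind, rows in audit(USERS, ROLE_MAP).items():
        print(kind, rows)
```

The memberOf attribute lists direct memberships only, so a user who reaches a mapped group through a nested group will not appear in this report.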
