How to integrate LDAP Active Directory with on-premises application.

Hi, I am looking for steps on how to integrate LDAP with on-premises for web and native apps. Any suggestions would be appreciated. Thanks.
1 answer

Hi Neeraj Yadav,

Here’s some useful information about how to integrate LDAP into your Mendix Project (taken from the Academy path Configure Security and Access Management):

To make the users in the required group available to your Mendix app, you can use the LDAP synchronization module. The default configuration for this module, which is usable for AD systems, can be achieved through the following steps.

  1. Import the LDAP synchronization module from the app store.

  2. Also import the Encryption and Community Commons modules as they are dependencies. See the documentation for these modules on how to set them up.

  3. Connect the layouts in the module to your own master layouts. Open the layout “Ldap.LdapDesktop” and select a new master layout in the properties pane.

  4. Connect the microflow “Ldap.OpenLdapServersOverview” to your navigation structure. This microflow opens the administration screens that will be used to set up the module later.

  5. Connect the LdapAdmin module role in the module to a suitable user role in the app. Typically, this should be a technical administrator role.

  6. Add the “Ldap.ASu_StartLdap” microflow to your app’s after startup microflow to make sure the module is started when the app starts.

The rest of the configuration can be done in the running app. To proceed, you will need connection information for the LDAP server. This can be obtained from the LDAP administrator. You will need the following information:

  • The connection URL

  • The location on the LDAP server where the users are stored. This usually takes on the form "DC=<organization>,DC=<location>"

  • Credentials to use for the connection. This should be a username and password.

Follow these steps to set up the connection:

  1. Log in as a user that is allowed to access the LDAP administration page and navigate to that page.

  2. Click the “New” button to add a new LDAP configuration.

  3. The various configuration options are explained on this screen. Enter the information obtained from the LDAP administrator in the corresponding fields.

  4. For an Active Directory server as in the example, tick the “Is Active Directory” server box. This enables some AD-specific behavior in the module.

  5. Tick the “Enabled” checkbox to activate the configuration.

  6. In the “LDAP type” dropdown, select “Import the users from the active directory” to use the provisioning mode of the module.

  7. In the “Map users to” dropdown, select your user account entity, which is typically “Administration.Account”.

  8. Click the “Synchronization settings” tab at the top of the page. Here you select which users will be provisioned specifically.

  9. In the “synchronization method” dropdown, select “Synchronize by group” to provision only users that are in a certain group.

  10. Click “Refresh” in the grid below to update the list of groups available in the LDAP server.

  11. Select the group that contains the users you want to use in the Mendix app and click “Edit”.

  12. In the popup screen that opens, you can map the group to one or more user roles in your app. This means that users in that group will get assigned to a certain role in your app.

  13. Click the “Synchronize” checkbox to make sure this group is enabled for provisioning.

  14. Click “Save” in the popup and “Save and Close” in the main screen.

  15. Restart the app to make sure the LDAP configuration is properly loaded on start of the app.


I hope this solved your question, best regards!
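
A pre-flight check for the values obtained from the LDAP administrator (connection URL, base DN, group), added here as an example; it is not part of the answer above or of the Mendix LDAP module. The host names, DNs and the membership filter are constructed sample values and assumptions, and the filter is one an administrator can run to preview a group's direct members, not the module's own query.

```python
import re
from urllib.parse import urlparse

# RFC 4515: characters that must be escaped inside an LDAP filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
_RDN = re.compile(r"^\s*([A-Za-z][A-Za-z0-9-]*)\s*=\s*(\S.*?)\s*$")


def check_connection_url(url):
    """Return a list of findings for the connection URL (empty list = OK)."""
    parsed = urlparse(url)
    findings = []
    if parsed.scheme not in ("ldap", "ldaps"):
        findings.append("scheme must be ldap:// or ldaps://")
    elif parsed.scheme == "ldap":
        findings.append("simple bind over ldap:// exposes the password unless StartTLS is used")
    if not parsed.hostname:
        findings.append("URL has no host")
    return findings


def parse_dn(dn):
    """Split a DN into (attribute, value) pairs; raise ValueError if malformed."""
    pairs = []
    for rdn in re.split(r"(?<!\\),", dn):  # split on commas that are not escaped
        match = _RDN.match(rdn)
        if not match:
            raise ValueError(f"malformed DN component: {rdn!r}")
        pairs.append((match.group(1).upper(), match.group(2)))
    return pairs


def base_dn_domain(base_dn):
    """DNS-style domain formed by the DC components of the base DN."""
    return ".".join(value for attr, value in parse_dn(base_dn) if attr == "DC")


def group_member_filter(group_dn):
    """Filter matching person/user objects that are direct members of group_dn."""
    parse_dn(group_dn)  # reject malformed input before building the filter
    escaped = "".join(_ESCAPES.get(ch, ch) for ch in group_dn)
    return f"(&(objectCategory=person)(objectClass=user)(memberOf={escaped}))"


if __name__ == "__main__":
    # Constructed sample values, not taken from any real directory.
    print(check_connection_url("ldap://dc01.example.com:389"))
    print(base_dn_domain("DC=example,DC=com"))
    print(group_member_filter("CN=App Users (Prod),OU=Groups,DC=example,DC=com"))
```
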