LDAP settings

If your organization uses LDAP to manage user accounts, you can allow users to access Digital Lab with their LDAP credentials. This section is relevant only for UFT Digital Lab and UFT Digital Lab Managed SaaS.

When using shared spaces, some settings are controlled globally by the operator. For details, see Shared space management.

Note for UFT Digital Lab Managed SaaS: The LDAP must be accessible over the internet. Add the UFT Digital Lab Managed SaaS address to your allowlist if needed.

Enable the LDAP integration

You configure the integration with LDAP in the Administration settings > LDAP integration tab. When you enable LDAP mode, the configuration for at least one LDAP server must be provided. You can add multiple LDAP server configurations, provided that the host, port, and base DN of each server is unique. If you plan to assign an LDAP group to a workspace, either the User Group membership attribute, or the Group membership attribute must be specified in the LDAP server configuration.

When the Assign users to default workspace setting is enabled in Administration settings, a user is assigned to the Default workspace:

  • if there is no LDAP server/group assigned to the Default workspace OR
  • if an LDAP server/group is assigned to the Default workspace, and the user is included in the server/groups.

Click ADD SERVER and specify the server details, including:

Friendly Name

This is the name used when displaying the details of the LDAP server, and helps you to recognize the server.

Hostname and Port

Provide the hostname or IP address of the LDAP server, and the port used.

Base DN

The base distinguished name identifies the section of the directory where searches start.

User search filter

The User Search Filter setting indicates the form of the LDAP query used to find a user during login. It must include the pattern {0}, which is replaced with the relevant user details entered when a user logs in to Digital Lab. If you specify CN={0}, it uses the Common Name (CN) for the LDAP query. If you specify mail = {0}, the email is used.

User name attribute

The LDAP attribute to use for the display name of the user in Digital Lab.
Note: Changing this attribute is not supported. If you need to change this attribute, you need to disable the LDAP integration, which removes all users.

User group membership attribute

A user attribute that indicates the groups to which the user belongs, for example memberOf.

Group membership attribute

A group attribute holding the list of group members. For example, uniqueMember or member.

Users sync filter

Define a filter for which users to include when synchronizing LDAP users with Digital Lab.

The default filter (|(objectClass=person)(objectClass=user)(objectClass=organizationalPerson)) syncs all users under the Base DN. If not all users under the Base DN need access to Digital Lab, update the filter to be used for the sync.

For example, if your Base DN is defined as “DC=mf, DC=net”, and you want to sync users from OU=uk and OU=spain only, the following filter should be used for synchronizing LDAP users with Digital Lab: (&(|(objectClass=person)(objectClass=user)(objectClass=organizationalPerson))(|(distinguishedName=*,OU=uk,DC=mf,DC=net)(distinguishedName=*,OU=spain,DC=mf,DC=net)))

Notes for upgrading:

  • Important: If you are upgrading from version 3.3 or earlier, log in to Digital Lab with the default user admin@default.com. In Administration > Settings, check that the user name attribute is the same as the attribute used in the user search filter. Not performing this step may result in duplication of users.

  • If LDAP was configured before the upgrade, the LDAP server configuration remains as it was and users are able to continue to log in as usual. The friendly name for the server is Server 1.

Important: When you enable or disable LDAP mode, all existing users, excluding admin@default.com, are deleted.

For details on how to work with LDAP users, see Use Digital Lab with LDAP. To use secure LDAP (SSL), see Use secure LDAP on the Digital Lab server.
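
The rules in this section (unique host, port, and base DN per server; the {0} pattern in the user search filter; the user name attribute matching the search filter attribute; a membership attribute when LDAP groups are assigned) can be checked on planned values before they are entered in the LDAP integration tab. The following Python check is an added example, not part of Digital Lab; the field names and sample servers are constructed, and comparing hosts and DNs case-insensitively is an assumption.

```python
import re

# Constructed sample data. The dictionary keys are hypothetical names for the
# fields on the LDAP integration tab; they are not a Digital Lab API.
SERVERS = [
    {"name": "Server 1", "host": "ldap1.example.test", "port": 389,
     "base_dn": "DC=mf,DC=net", "search_filter": "CN={0}", "name_attr": "cn",
     "user_group_attr": "memberOf", "group_member_attr": ""},
    {"name": "UK", "host": "LDAP1.example.test", "port": 389,
     "base_dn": "dc=mf, dc=net", "search_filter": "(mail=*)", "name_attr": "mail",
     "user_group_attr": "", "group_member_attr": ""},
    {"name": "Spain", "host": "ldap2.example.test", "port": 636,
     "base_dn": "DC=mf,DC=net", "search_filter": "mail = {0}", "name_attr": "cn",
     "user_group_attr": "", "group_member_attr": "member"},
]

def norm_dn(dn):
    # Simplified comparison form (assumption): case-folded, no spaces around commas.
    return ",".join(part.strip().lower() for part in dn.split(","))

def filter_attrs(flt):
    # Attributes matched against the {0} pattern, e.g. "CN={0}" -> ["cn"].
    return [a.lower() for a in re.findall(r"([A-Za-z][\w;.-]*)\s*=\s*\{0\}", flt)]

def check(servers, assign_groups=True):
    findings, seen = [], {}
    for s in servers:
        key = (s["host"].lower(), s["port"], norm_dn(s["base_dn"]))
        if key in seen:
            findings.append((s["name"], "host, port and base DN duplicate " + seen[key]))
        seen.setdefault(key, s["name"])
        if "{0}" not in s["search_filter"]:
            findings.append((s["name"], "user search filter lacks the {0} pattern"))
        elif s["name_attr"].lower() not in filter_attrs(s["search_filter"]):
            findings.append((s["name"], "user name attribute differs from the "
                             "search filter attribute (upgrade note: duplicate users)"))
        if assign_groups and not (s["user_group_attr"] or s["group_member_attr"]):
            findings.append((s["name"], "no membership attribute, so LDAP groups "
                             "cannot be assigned to a workspace"))
    return findings

if __name__ == "__main__":
    for name, problem in check(SERVERS):
        print(f"{name}: {problem}")
```
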


Delete an LDAP server configuration

You can delete an LDAP server configuration by selecting the configuration and clicking REMOVE. If the server, or groups included in the LDAP server, were assigned to one or more workspaces, the assignments are removed. Users included in the server/groups are no longer able to log in to Digital Lab.

Note that when LDAP mode is enabled, you require at least one LDAP server configuration.
