Share this page
LDAP settings
If your organization uses LDAP to manage user accounts, you can allow users to access UFT Mobile with their LDAP credentials.
When using shared spaces, some settings are controlled globally by the operator. For details, see Shared space management (on-premises).
Note for UFT Mobile SaaS: The LDAP must be accessible over the internet. Add the UFT Mobile SaaS address to your allowlist if needed.
Enable the LDAP integration
You configure the integration with LDAP in the Administration settings > LDAP integration tab. When you enable LDAP mode, the configuration for at least one LDAP server must be provided. You can add multiple LDAP server configurations, provided that the host, port, and base DN of each server is unique. If you plan to assign an LDAP group to a workspace, either the User Group membership attribute, or the Group membership attribute must be specified in the LDAP server configuration.
When the Assign users to default workspace setting is enabled in Administration settings, a user will be assigned to the Default workspace:
- if there is no LDAP server/group assigned to the Default workspace OR
- if an LDAP server/group is assigned to the Default workspace, and the user is included in the server/groups.
Click ADD SERVER and specify the server details, including:
| Friendly Name | This is the name used when displaying the details of the LDAP server, and helps you to recognize the server. |
| Hostname and Port | Provide the hostname of IP address of the LDAP server, and the port used. |
| Base DN | The base distinguished name identifies the section of the directory where searches start. |
| User search filter | The User Search Filter setting indicates the form of the LDAP query used to find a user during login. It must include the pattern {0}, which is replaced with the relevant user details entered when a user logs in to UFT Mobile. If you specify CN={0}, it uses the Common Name (CN) for the LDAP query. If you specify mail = {0}, the email is used. |
| User name attribute |
The LDAP attribute to use for the display name of the user in UFT Mobile. |
| User group membership attribute | A user attribute that indicates the groups to which the user belongs, for example memberOf. |
| Group membership attribute |
A group attribute holding the list of group members. For example, uniqueMember or member. |
| Users sync filter |
Define a filter for which users to include when synchronizing LDAP users with UFT Mobile. The default filter (|(objectClass=person)(objectClass=user)(objectClass=organizationalPerson)) syncs all users under the Base DN. If not all users under the Base DN need access to UFT Mobile, update the filter to be used for the sync. |
Notes for upgrading:
-
Important: If you are upgrading from version 3.3 or earlier, log in to UFT Mobile with the default user admin@default.com. In Administration > SETTINGS, check that the user name attribute is the same as the attribute used in the user search filter. Not performing this step may result in duplication of users.
- If LDAP was configured before the upgrade, the LDAP server configuration will remain as it was and users will be able to continue to log in as usual. The friendly name for the server will be Server 1.
Important: When you enable or disable LDAP mode, all existing users, excluding admin@default.com, are deleted.
For details on how to work with LDAP users, see Use UFT Mobile with LDAP. To use secure LDAP (SSL), see Use secure LDAP on the UFT Mobile server .
Delete an LDAP server configuration
You can delete an LDAP server configuration by selecting the configuration and clicking REMOVE. If the server, or groups included in the LDAP server, were assigned to one or more workspaces, the assignments will be removed. Users included in the server/groups will no longer be able to log in to UFT Mobile.
Note that when LDAP mode is enabled, you require at least one LDAP server configuration.
See also:
