LDAP
Last updated
Was this helpful?
Last updated
Was this helpful?
The following is the detailed technical guide to configuring LDAP (Lightweight Directory Access Protocol) for user authentication in Tellius. By integrating LDAP, you can centralize user management, securely authenticate users, control access, and manage roles within Tellius.
Tellius follows a specific workflow when interacting with the LDAP server to authenticate users and create their accounts.
Users are created within Tellius at the time of their first login. The LDAP system validates the user credentials, and Tellius automatically creates an internal user record using the LDAP attributes defined during the configuration.
There is no risk of creating duplicate users. Tellius uses the mapped username (usually cn or uid) to check for existing users in the system before creating a new account. If a user already exists in Tellius with the same username attribute (e.g., cn or mail), Tellius will not create a duplicate.
Click on the user icon in the bottom left corner and navigate to Settings → Security → Authentication and choose LDAP from the "Authenticate via" dropdown. The following screen will be displayed
Under General Settings, fill the following fields:
Enable LDAP Toggle the switch to enable LDAP for authentication. When enabled, the system will attempt to authenticate users against the configured LDAP directory before considering internal Tellius authentication methods.
URL (LDAP server address)
Enter the full URL for the LDAP server. The format should be ldap://<hostname>:<port>.
Example:ldap://ldap.example.com:389
Port
Enter the port number on which the LDAP service is running. The default port is 389 for non-SSL and 636 for SSL (LDAPS).
Bind User
Specify the distinguished name (DN) of the user that will bind to the LDAP directory to perform queries. This account should have read access to the LDAP directory. Example: cn=admin,dc=example,dc=com
Bind Password Enter the password for the Bind User to authenticate with the LDAP server.
Search Base
Define the distinguished name (DN) of the entry in the LDAP directory from which searches for user accounts will begin. This base DN acts as the root context for any search operations.
Example: ou=users,dc=example,dc=comThis DN specifies the Organizational Unit (OU) or domain under which the user entries exist. The search will be limited to this subtree.
Query Provide a specific LDAP query to filter the users that should be imported or authenticated. This is useful when you only want to target specific user objects. Example: (objectClass=inetOrgPerson) This filter limits the search to users who are organizational persons.
LDAP provides standard attributes for user identification, which can be mapped (optionally) to fields in Tellius. Proper attribute mapping ensures that user information is synchronized correctly between the LDAP directory and Tellius.
Under Mappings (Optional), provide the following fields:
Username Mapping
Enter the LDAP attribute that should be used as the Tellius username. This is typically cn (common name) or uid, depending on your directory schema.
Email Mapping
Enter the LDAP attribute that corresponds to the user's email address. This is typically mail.
First Name Mapping
Enter the LDAP attribute that contains the user's first name. In most directories, this is givenName.
Last Name Mapping
Enter the LDAP attribute for the user's last name. This is typically sn (surname).
Use TLS Toggle this setting to enable TLS for secure LDAP communication. TLS ensures that all data exchanged between Tellius and the LDAP server is encrypted.
To configure LDAPS, upload the SSL certificate to the LDAP server and enable the Use TLS setting in Tellius. The server must support ldaps:// on port 636.
Default User Role Choose the default user role for LDAP-authenticated users. This role defines the permissions users will have in the system. Available roles are typically predefined within Tellius.
Click on Save to commit all the details provided. Or click on Delete to dismiss.
