Enable LDAP and sync teams and users
Once you enable LDAP, you can sync your LDAP directory to the teams and users that are present in MKE.
To enable LDAP and sync to your LDAP directory:
1. Log in to the MKE web UI as an MKE administrator.
2. Under your user name drop-down, click Admin Settings > Authentication & Authorization.
3. Scroll down and click Enabled next to LDAP. A list of LDAP settings displays.
4. Enter the values that correspond with your LDAP server installation.
5. Test your configuration in MKE.
6. Create a team in MKE to mirror your LDAP directory.
7. Select ENABLE SYNC TEAM MEMBERS.
8. Choose between the following two methods for matching group members from an LDAP directory. Refer to the table below for more information.
   - Select LDAP MATCH METHOD to change the method for matching group members in the LDAP directory from Match Search Results (default) to Match Group Members. Fill out Group DN and Group Member Attribute as required.
   - Keep the default Match Search Results method and fill out Search Base DN, Search filter, and Search subtree instead of just one level as required.
9. Optional. Select Immediately Sync Team Members to run an LDAP sync operation immediately after saving the configuration for the team.
10. Optional. To allow non-LDAP team members to sync the LDAP directory, select Allow non-LDAP members.

If you do not select Allow non-LDAP members, manually added and SAML users will be removed during the LDAP sync.
There are two methods for matching group members from an LDAP directory:
Match Group Members (direct bind)
Specifies that team members are synced directly with members of a group in the LDAP directory of your organization. The team membership is synced to match the membership of the group.
Match Search Results (search bind)
Specifies that team members are synced using a search query against the LDAP directory of your organization. The team membership is synced to match the users in the search results.
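
The following added example (not MKE code, and not from the MKE documentation) models the two match methods and the effect of Allow non-LDAP members, so that a team's sync settings can be reviewed for who would gain or lose membership before they are saved. The directory entries, DNs, and function names are constructed for illustration, and the search filter is reduced to a single attribute test.

```python
# Model of the two LDAP match methods and the resulting team sync.
# All DNs and entries are constructed sample data; all names are hypothetical.
BASE = "dc=example,dc=org"
ALICE = "uid=alice,ou=eng,ou=people," + BASE
BOB = "uid=bob,ou=eng,ou=people," + BASE
CAROL = "uid=carol,ou=contractors,ou=eng,ou=people," + BASE
GROUP = "cn=platform,ou=groups," + BASE
DIRECTORY = {
    ALICE: {"objectClass": ["inetOrgPerson"]},
    BOB: {"objectClass": ["inetOrgPerson"]},
    CAROL: {"objectClass": ["inetOrgPerson"]},
    GROUP: {"objectClass": ["groupOfNames"], "member": [ALICE, BOB]},
}

def match_group_members(directory, group_dn, member_attr):
    """Match Group Members: the team mirrors one group's member attribute."""
    return set(directory.get(group_dn, {}).get(member_attr, []))

def match_search_results(directory, base_dn, attr, value, subtree):
    """Match Search Results: the team mirrors the entries a search returns.
    The filter is simplified to one (attr=value) test; real filters are richer."""
    base, hits = base_dn.lower(), set()
    for dn, attrs in directory.items():
        parent = dn.lower().partition(",")[2]  # naive split: no escaped commas
        # One level: direct children of the base only. Subtree: any depth below it.
        in_scope = parent == base or (subtree and parent.endswith("," + base))
        if in_scope and value in attrs.get(attr, []):
            hits.add(dn)
    return hits

def plan_sync(team, ldap_members, allow_non_ldap):
    """team maps member id -> origin ('ldap', 'manual' or 'saml').
    Returns (to_add, to_remove) for review before the sync runs."""
    to_add = ldap_members - set(team)
    to_remove = {m for m, origin in team.items() if m not in ldap_members
                 and (origin == "ldap" or not allow_non_ldap)}
    return to_add, to_remove
```

With the sample data, searching the subtree under `ou=eng` also returns the entry under `ou=contractors`, which the one-level search and the group match both exclude.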