Enable LDAP and sync teams and users

MSR authentication and authorization depend on enabling LDAP and then syncing your LDAP directory to the teams and users you create in MSR.

To enable LDAP and sync to your LDAP directory:

  1. Log in to the MSR web UI.

  2. In the left-side navigation panel, navigate to System to display the General tab.

  3. Scroll down the page to the Auth Settings section and select Click here to configure auth settings. The details pane on the right displays Authentication & Authorization.

  4. In the Identity Provider Integration section, move the slider next to LDAP to enable the LDAP settings.

  5. Enter the values that correspond with your LDAP server installation.

  6. Test your configuration in MSR.

  7. Create a team in MSR to mirror your LDAP directory.

  8. Select ENABLE SYNC TEAM MEMBERS.

  9. Choose between the following two methods for matching group members from an LDAP directory. Refer to the table below for more information.

    • Select LDAP MATCH METHOD to change the method for matching group members in the LDAP directory from Match Search Results (default) to Match Group Members. Fill out Group DN and Group Member Attribute as required.

    • Keep the default Match Search Results method and fill out Search Base DN, Search filter, and Search subtree instead of just one level, as required.

  10. Optional. Select Immediately Sync Team Members to run an LDAP sync operation immediately after saving the configuration for the team.

  11. Click Create.


You can match group members from an LDAP directory either by matching group members or by matching search results:

Bind method: Match Group Members (direct bind)

Description: Specifies that team members are synced directly with members of a group in the LDAP directory of your organization. The team membership is synced to match the membership of the group.

    • Group DN: The distinguished name of the group from which you select users.

    • Group Member Attribute: The value of this group attribute corresponds to the distinguished names of the members of the group.

Bind method: Match Search Results (search bind)

Description: Specifies that team members are synced using a search query against the LDAP directory of your organization. The team membership is synced to match the users in the search results.

    • Search Base DN: The distinguished name of the node in the directory tree where the search starts looking for users.

    • Search filter: Filters to find users. If empty, existing users in the search scope are added as members of the team.

    • Search subtree instead of just one level: Defines search through the full LDAP tree, not just one level, starting at the base DN.
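
To preview how each match method, the search filter, and the scope setting change who ends up in a team, the following added example (not MSR code) models both methods on a constructed in-memory directory. The DNs, attribute names, and function names are assumptions, and only an empty filter or a single equality filter is modelled.

```python
# Added example: models the two match methods on a constructed directory.
# Not MSR code; DNs, attributes and function names are assumptions.

DIRECTORY = {  # constructed sample entries: DN -> attributes
    "cn=alice,ou=people,dc=example,dc=org": {"departmentNumber": ["eng"]},
    "cn=bob,ou=people,dc=example,dc=org": {"departmentNumber": ["sales"]},
    "cn=carol,ou=contractors,ou=people,dc=example,dc=org": {"departmentNumber": ["eng"]},
    "cn=svc-backup,ou=service,ou=people,dc=example,dc=org": {},
    "cn=registry-dev,ou=groups,dc=example,dc=org": {
        "member": ["cn=alice,ou=people,dc=example,dc=org",
                   "cn=carol,ou=contractors,ou=people,dc=example,dc=org"]},
}

def parent(dn):
    """Parent DN; assumes no escaped commas in the sample DNs."""
    return dn.split(",", 1)[1] if "," in dn else ""

def match_group_members(directory, group_dn, member_attr):
    """Match Group Members: the team mirrors the DNs listed in one group attribute."""
    return sorted(directory.get(group_dn, {}).get(member_attr, []))

def match_search_results(directory, base_dn, search_filter="", subtree=False):
    """Match Search Results: the team mirrors the entries found under base_dn.

    Only an empty filter or a single "(attr=value)" equality filter is modelled.
    """
    attr = value = None
    if search_filter:
        attr, _, value = search_filter.strip("()").partition("=")
    members = []
    for dn, attrs in directory.items():
        in_scope = dn.endswith("," + base_dn) if subtree else parent(dn) == base_dn
        if in_scope and (attr is None or value in attrs.get(attr, [])):
            members.append(dn)
    return sorted(members)

def names(dns):
    """Short names (first RDN value) for display."""
    return [dn.split(",", 1)[0].split("=", 1)[1] for dn in dns]

if __name__ == "__main__":
    base = "ou=people,dc=example,dc=org"
    group = "cn=registry-dev,ou=groups,dc=example,dc=org"
    print(names(match_group_members(DIRECTORY, group, "member")))
    print(names(match_search_results(DIRECTORY, base)))
    print(names(match_search_results(DIRECTORY, base, "(departmentNumber=eng)", subtree=True)))
    print(names(match_search_results(DIRECTORY, base, subtree=True)))
```

In this model, an empty filter combined with subtree search also pulls in the service account under a nested OU, which is the case to check for in your own directory before enabling sync.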