⚠️ Note: LDAP integration is available only for on-premises deployments of Valven. This feature is not supported in the cloud-hosted version.
Valven supports LDAP to enable centralized user authentication and group-based authorization in enterprises. It allows you to:
- Authenticate users using corporate credentials
- Apply role-based access control using LDAP group memberships
- Import LDAP groups as teams within Valven
Supported LDAP Servers
- Microsoft Active Directory
- OpenLDAP
- Generic LDAP v3-compatible servers
Configuration Steps
1. Access the LDAP Settings
- Log in with admin credentials (for details, contact support@valven.com)
- Click LDAP settings in the sidebar
2. Basic Configuration
| Setting | Description | Default |
|---|---|---|
| Protocol | LDAP, LDAPS, LDAP-TLS | (Required) |
| Server | Hostname or IP of LDAP server (e.g., ldap.company.com) | (Required) |
| Root DN | Base DN for LDAP queries (e.g., dc=company,dc=com) | (Required) |
| Domain | Domain name in Active Directory | (Required for Active Directory only) |
| Manager DN | Bind DN to authenticate search requests (e.g., cn=ldap-reader,dc=company,dc=com) | (empty = anonymous bind) |
| Manager Password | Password for Manager DN | (empty if anonymous bind) |
| User Search Base | Where users are located under Root DN (e.g., ou=users) | (empty = use Root DN) |
| User Search Filter | LDAP search filter to find user records. Use {0} as placeholder for username (e.g., (uid={0})) | (uid={0}) |
| Default Email | Default email domain for users whose email address may be missing | (Required) |
3. Advanced Settings
| Setting | Description | Default |
|---|---|---|
| Display Name Attribute | LDAP attribute used for full name | cn |
| Email Attribute | Attribute containing email address | mail |
| Group Search Base | Where groups are located (e.g., ou=groups) | (empty = use Root DN) |
| Group Search Filter | Filter to find groups in directory | (& (cn={0}) (| (objectclass=groupOfNames) (objectclass=groupOfUniqueNames) (objectclass=posixGroup))) |
| Team Search Base | Where teams are located (e.g., ou=groups) | (empty = use Root DN) |
| Team Search Filter | Filter to find teams in directory | (& (cn={0}) (| (objectclass=groupOfNames) (objectclass=groupOfUniqueNames) (objectclass=posixGroup))) |
| Group Membership Method: User Attribute | Select this option if an attribute is available in user records for group memberships (e.g., memberOf) | (none) |
| Group Membership Method: Group Membership Filter | Select this option if a query is required to find the LDAP groups containing the user | (none) |
| Timeout | Timeout for LDAP requests | 30 seconds |
| Cache Duration | How long user and group lookups are cached | 5 minutes |
4. Testing and Saving
- Click Test LDAP Connection to validate credentials and connectivity.
- If successful, click Save Changes to apply the settings.
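To see what the Root DN, User Search Base and filter settings above resolve to for a given login name, the following added example (not Valven's code) expands a `{0}` filter template and escapes the name per RFC 4515. The function names are hypothetical, and whether Valven escapes the value the same way is an assumption.

```python
# Added example: expands the LDAP settings from the tables above into the
# concrete (base DN, filter) pair an LDAP client would send. How Valven itself
# substitutes {0} is not documented on this page; escaping follows RFC 4515.

# RFC 4515 section 3: characters that must be written as \XX inside a value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied value so it cannot alter the filter structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def check_filter_template(template: str) -> None:
    """Reject templates that cannot work: no placeholder or unbalanced parens."""
    if "{0}" not in template:
        raise ValueError("filter has no {0} placeholder")
    depth = 0
    for ch in template:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            raise ValueError("unbalanced parentheses in filter")
    if depth != 0:
        raise ValueError("unbalanced parentheses in filter")


def effective_base(root_dn: str, search_base: str = "") -> str:
    """An empty search base means 'use Root DN', as in the settings table."""
    return f"{search_base},{root_dn}" if search_base else root_dn


def build_search(root_dn: str, search_base: str, template: str, name: str):
    """Return the (base DN, filter) pair for one user or group lookup."""
    check_filter_template(template)
    flt = template.replace("{0}", escape_filter_value(name))
    return effective_base(root_dn, search_base), flt


if __name__ == "__main__":
    # Constructed sample values, reusing the examples from the settings tables.
    print(build_search("dc=company,dc=com", "ou=users", "(uid={0})", "jdoe"))
    print(build_search("dc=company,dc=com", "", "(uid={0})", "j.doe (ext)*"))
```

The resulting base DN and filter can be run through a generic LDAP client to check the User Search Filter outside Valven when logins fail.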
Team Mapping from LDAP Groups
When LDAP group search is enabled:
- Valven will automatically fetch group memberships of each user during login.
- Each LDAP group is mapped to a Team in Valven.
- You need to select the Teams to be tracked in Valven by clicking the "Import From Repositories" button on the Teams page.
- Users will appear under corresponding teams with their access governed by group-level roles.
This is especially useful for syncing team structures and permissions without additional manual setup.
Troubleshooting
| Issue | Resolution |
|---|---|
| Users can't log in | Check User Search Filter and ensure correct binding |
| Teams not synced | Confirm Team Search Base and Team Search Filter are accurate |
| Test connection fails | Validate LDAP host, port, firewall, and credentials |
| Empty teams | Ensure users are members of groups in LDAP |