About LDAP integration

When a user logs in to Build Forge for the first time using LDAP credentials, the user is authenticated and set up within Build Forge as follows.

Important: If you intend to use group mapping, enable LDAP group mapping before users log in.

If group mapping is disabled when users first log in and you enable it later, the mapping is not performed on those existing users. If you enable LDAP group mapping after users have logged in, delete the users from the Build Forge Users list and have them log in again. The users' membership in Build Forge access groups is then based on the LDAP group mapping, rather than any manual changes you have made.

  1. The user sees a Domain field on the login panel. If more than one domain is configured, the field is a pull-down list. The user selects the domain and logs in.
    Note: If you configure more than one domain, each user ID must be unique across all domains. The system allows only one login per unique user. If one user logs in and then another user logs in using the same unique user ID, the first user session is closed. See Accessing and using the console for more information about user sessions.
  2. Build Forge checks for the account on the LDAP server. You can configure Build Forge to use a normal user or an administrative user to perform the check.
  3. If the user name is found, Build Forge then attempts to log in to LDAP using the credentials the user supplied at the Build Forge login panel (or from a login from a program using an API client).
    • If the credentials do not match or the user name is not found, the login fails.
    • If the credentials match, login proceeds.
  4. If the user has not logged on before, Build Forge automatically creates a user in its user list. A user who logs in through LDAP has the User Name, Password, Login, Confirm, and Email fields disabled, because that information is provided by LDAP.
    Note: The system assigns LDAP users to the root user's time zone on first login because it does not get time zone information from LDAP. You can manually set the time zone afterward.
  5. Build Forge applies access groups to the user.
    • If LDAP group mapping is enabled, the specified access groups are applied. The default Build Forge access groups are also applied. Enabling group mapping requires configuration in the Build Forge LDAP domain properties.
      Note: Group mapping is performed each time the user logs in. This keeps Build Forge synchronized with group membership changes in LDAP.
    • If LDAP group mapping is not enabled, Build Forge default access groups are applied. Access group membership can then be managed manually.
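
The login sequence above, modeled in Python as an added example (this is not Build Forge code). The in-memory directory, the group names, the `Console` class and the `mapped` flag are assumptions made to reproduce the documented behaviour, including the case where group mapping is enabled after a user's first login; the empty-password check is added hardening that the page does not describe.

```python
# Constructed stand-ins for an LDAP directory and Build Forge's user list.
DIRECTORY = {  # uid -> (password, LDAP groups); sample data, not real accounts
    "alice": ("s3cret", {"cn=dev"}),
    "bob": ("hunter2", {"cn=ops"}),
}
GROUP_MAP = {"cn=dev": "Developer", "cn=ops": "Operator"}  # hypothetical mapping
DEFAULT_GROUPS = {"Guest"}  # hypothetical default access group


class Console:
    def __init__(self, group_mapping=False):
        self.group_mapping = group_mapping
        self.users = {}  # uid -> {"groups": set, "mapped": bool}

    def login(self, uid, password):
        entry = DIRECTORY.get(uid)  # step 2: look the account up
        # Added hardening, not from the page: refuse empty passwords, because
        # an LDAP simple bind with an empty password is unauthenticated
        # (RFC 4513). The comparison stands in for the bind in step 3.
        if entry is None or not password or entry[0] != password:
            return None  # user not found or credentials do not match
        user = self.users.get(uid)
        if user is None:  # step 4: first login creates the user
            user = self.users[uid] = {"groups": set(DEFAULT_GROUPS),
                                      "mapped": self.group_mapping}
        if self.group_mapping and user["mapped"]:  # step 5: re-sync each login
            mapped = {GROUP_MAP[g] for g in entry[1] if g in GROUP_MAP}
            user["groups"] = mapped | DEFAULT_GROUPS
        return sorted(user["groups"])

    def delete_user(self, uid):
        self.users.pop(uid, None)


def demo():
    bf = Console(group_mapping=False)
    before = bf.login("alice", "s3cret")      # defaults only
    bf.group_mapping = True                   # enabled after the first login
    stale = bf.login("alice", "s3cret")       # existing user is not remapped
    bf.delete_user("alice")
    fresh = bf.login("alice", "s3cret")       # recreated, mapping now applies
    bf.users["alice"]["groups"].add("Admin")  # manual change
    resynced = bf.login("alice", "s3cret")    # next login replaces it
    return before, stale, fresh, resynced, bf.login("alice", "")
```

With mapping enabled, a manually granted group lasts only until the user's next login, so access reviews should be done against the LDAP groups and the mapping rather than the Build Forge user list.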
