Configure an LDAP Connector

This page explains how to integrate an LDAP directory as an authentication method for your users on Reemo.

Important

This feature is not available on Public Cloud.
It is only available in Private Cloud and On-Prem.

Note

LDAP authentication is available by default at the instance level (Instance Wide).
If the global option LDAP Sign-in per Organization is enabled in the Global Settings, you can also create and configure LDAP connectors per organization.
Screenshots and labels may vary slightly depending on your interface version.

Configure LDAP in Reemo

Case 1: Instance wide
Configure LDAP in the instance’s Admin Area, under the Connectors menu.

Access Connectors in the instance Admin Area.

Case 2: Per organization (optional)
If the global option LDAP Sign-in per Organization is enabled, you can create an LDAP connector directly in your organization’s Connectors menu.

Enable the LDAP Sign-in per Organization option in the Global Settings.



Configure LDAP in Organization > Connectors.

Configure the LDAP Server

Within the instance (or within the organization if LDAP Sign-in per Organization is enabled), create a new LDAP Connector and fill in the following fields:

  • Friendly Name: name of your LDAP server (e.g., Company-AD).

  • Protocol: LDAP or LDAPS (recommended).

  • Host: IP address or FQDN of the LDAP server.

  • Port: server port (default: 389 for LDAP, 636 for LDAPS).

  • Bind DN: DN of the user used to connect to the LDAP server.

  • Password: password of the bind user account.

  • Base: base DN used to search for users and logins.


Fill in the LDAP connector fields.

Configure Attributes (Attributes Mapping)

Define the attribute mapping so Reemo can correctly identify your users:

  • UID: unique identifier field.

  • Username: login identifier field.

  • Email: email address field.

  • Full Name: full name field (e.g., displayName).


Define LDAP attributes for user mapping.
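
The server fields and the attribute mapping above can be checked before they are entered in the connector form. The following Python is an added example, not Reemo code: the dictionary keys, the sample directory values and the `(objectClass=person)` filter are assumptions, and the generated command targets the OpenLDAP `ldapsearch` client.

```python
import re
import shlex

DEFAULT_PORT = {"ldap": 389, "ldaps": 636}  # defaults listed on this page
# Simplified DN syntax check (does not handle escaped commas inside values).
DN_RE = re.compile(r"[A-Za-z][\w-]*=[^,]+(,\s*[A-Za-z][\w-]*=[^,]+)*")
MAPPING_FIELDS = ("uid", "username", "email", "full_name")  # hypothetical key names

def preflight(cfg, mapping):
    """Return findings for a connector definition; an empty list means nothing was flagged."""
    proto = cfg["protocol"].lower()
    if proto not in DEFAULT_PORT:
        return [f"unknown protocol {cfg['protocol']!r}"]
    findings = []
    if proto == "ldap":
        findings.append("plain LDAP: a simple bind sends the bind password unencrypted, use LDAPS")
    if cfg["port"] != DEFAULT_PORT[proto]:
        findings.append(f"port {cfg['port']} is not the {proto.upper()} default {DEFAULT_PORT[proto]}")
    for field in ("bind_dn", "base"):
        if not DN_RE.fullmatch(cfg[field].strip()):
            findings.append(f"{field} is not a distinguished name: {cfg[field]!r}")
    for field in MAPPING_FIELDS:
        if not mapping.get(field, "").strip():
            findings.append(f"attribute mapping for {field} is empty")
    return findings

def ldapsearch_command(cfg, mapping):
    """Build an ldapsearch call that binds as the connector account and reads the
    mapped attributes of one entry under Base (-W prompts for the password)."""
    url = f"{cfg['protocol'].lower()}://{cfg['host']}:{cfg['port']}"
    argv = ["ldapsearch", "-x", "-H", url, "-D", cfg["bind_dn"], "-W",
            "-b", cfg["base"], "-s", "sub", "-z", "1", "(objectClass=person)"]
    return shlex.join(argv + [mapping[f] for f in MAPPING_FIELDS])

# Constructed sample values, not taken from the page or from Reemo.
GOOD = {"protocol": "LDAPS", "host": "dc01.corp.example", "port": 636,
        "bind_dn": "CN=svc-reemo,OU=Service Accounts,DC=corp,DC=example",
        "base": "OU=Staff,DC=corp,DC=example"}
WEAK = {**GOOD, "protocol": "LDAP", "bind_dn": "svc-reemo@corp.example"}
MAPPING = {"uid": "objectGUID", "username": "sAMAccountName",
           "email": "mail", "full_name": "displayName"}

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, preflight(cfg, MAPPING) or "no findings")
    print(ldapsearch_command(GOOD, MAPPING))
```

Running the printed command from the host that will reach the directory confirms that the bind account can authenticate over the chosen protocol and read each mapped attribute under the Base.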

Provision Users

Approach A: Manual provisioning from the organization
You must explicitly provision LDAP users in your organization (see below).

Once the connector is configured, you need to provision the users from your LDAP directory into your organization.

  1. Go to the Users menu of your organization.

  2. Click on New User > Provision LDAP User.


Provision LDAP users from the organization.

  3. A popup lets you search for your users and provision them:
    • Select the new LDAP connector from the dropdown menu.

    • Search for your users by Username, Email, or Full Name (if configured in the mapping).

    • Click Provision to add the users to your organization.


Provision LDAP users from the organization.

Approach B: Automatic provisioning
You can automate user account creation on their first login via LDAP.
  1. In the Connectors menu, edit your LDAP connector.

  2. Enable Just In Time Provisioning in the Extra Settings.


Enable Just In Time Provisioning in the LDAP connector’s Extra Settings.

Sign in via LDAP

Once the connector is active and users are provisioned (or JIT enabled), they can sign in via LDAP at the following addresses:

  • General portal access:

    https://[portal_url]/
    
  • Direct access to the organization:

    https://[portal_url]/login/[organization_shortname]
    

Sign in using LDAP Sign-in.