Skip to main content

Overview

Support for an LDAP server has been introduced into Casdoor. Casdoor is able to synchronize users from LDAP servers to Casdoor in order to use them as user accounts for logging in, and authenticate them using the LDAP servers. Casdoor also supports setting up cron jobs to synchronize users automatically on a regular basis.

Details about Casdoor-LDAP synchronization mechanism

The way Casdoor cooperates with an LDAP server is described as follows:

  1. Synchronization: Casdoor can connect to an LDAP server, fetch users' information, and read all users' information (including uidNumber, uid, cn, gidNumber, mail, email, emailAddress, telephoneNumber, mobile, mobileTelephoneNumber, registeredAddress, postalAddress). It then creates Casdoor accounts for each user in the LDAP, and stores these accounts in the database.

  2. Authentication: As we have seen, Casdoor does not fetch LDAP users' passwords. When an account that is synchronized from the LDAP server tries to log in through Casdoor, instead of checking the password stored in Casdoor's database, Casdoor connects to the LDAP server and verifies whether the user's password is correct.

  3. User identification: Casdoor uses uid to exclusively identify a user. Therefore, please ensure that every LDAP user has a unique uid.

Once a user is synchronized into Casdoor, their information is independent from the LDAP user. This means that if you modify the user's information in Casdoor, the user's information in the LDAP will not be modified, and vice versa (except for the LDAP user's password, as we rely on it to authenticate the user).