LDAP user authentication

These instructions are for the Private eazyBI version 3.2.0 or later.

You can enable Private eazyBI user authentication using the specified LDAP server (for example, Active Directory server). If you enable LDAP user authentication then only LDAP users will be able to access Private eazyBI.

First, enable LDAP user authentication in the eazybi.toml file (see the commented examples in the eazybi.toml.sample file):

[authentication.ldap]
create_user = true

Then copy the config/ldap.toml.sample file to config/ldap.toml and edit this file. The lines with a leading # are comments. Some commented lines contain sample settings – you can uncomment them by removing the leading #.

Specify the LDAP server connection in the host and port settings. Set ssl = true if an SSL connection should be used.

Specify which LDAP attribute should be used as a login name in eazyBI. If you connect to Active Directory then specify "sAMAccountName".

In name_attribute specify LDAP attributes that should be used to get the display name of eazyBI users.

In base specify the LDAP base search path that should be used when searching for LDAP users.

If the LDAP server does not allow anonymous searches (e.g. Active Directory typically does not allow this) then you need to specify how to authenticate with the LDAP server in one of the following ways:

  • Specify username_template setting which will be used to construct the username for the LDAP server authentication. If you use Active Directory then specify
    username_template = "DOMAIN\\{{attribute}}" and replace DOMAIN with the domain name of the users.
  • Or you can specify admin_user and admin_password LDAP user credentials and then this admin user will be used to search for other LDAP users.

If you would like to allow only users from specified LDAP user groups to log in to eazyBI, then set check_group_membership = true, specify in group_base the LDAP base search path that should be used to search for groups, and specify in required_groups the list of LDAP user groups that are allowed to access eazyBI. If you use Active Directory then also set ad_group_check = true, which enables recursive group membership search.

If you need to debug LDAP queries then set log = true and you will see the LDAP log lines in the log/eazybi-web.log file.

After you change the config/ldap.toml file you need to restart the Private eazyBI server process.