LogoLogo
Getting StartedDevelopersDeployment GuideGet Help
  • Quick Links
  • Welcome to Form.io
    • Getting Started With Form.io
    • Launch a Form
    • Overview of Form.io
  • Developer Tool Ecosystem
    • PDF Solution
    • Enterprise Form Builder
    • Form View Pro
    • The Security Module
    • Accessibility Compliance Module
    • Developer License
    • SQL Connector - Deprecated
    • Integration Libraries
    • Form.io CLI Tool
  • User Guide
    • Introduction
    • Form.io Developer Portal
    • Teams
    • Projects
      • Project UI
      • Project Settings
      • Stages
      • Multi-Tenancy
    • Resources
      • ResourceJS
    • Forms
      • Form Creation
      • Form Types
      • PDF Forms
      • Embedding a Form
      • Form Revisions
      • Form Settings
    • Form Building
      • Form Builder UI
      • Form Components
        • Component Settings
        • Basic Components
          • Resource as Select Component Data Source
        • Advanced Components
        • Layout Components
        • Data Components
        • Premium Components
          • Nested Forms
        • Custom Components
      • Logic & Conditions
      • Existing Resource Fields
      • Actions
    • Submissions
      • Accessing Submissions
      • Importing Submissions
    • Form.io eSignature - Coming Soon
    • Form.io Reporting Module
    • PDF Template Designer
    • Form View Pro
    • Form Manager
    • Enterprise Form Builder Module
      • Installation
      • User Guide
  • Developer Guide
    • Introduction
      • Application Development
      • API Documentation
    • Form Development
      • Form Renderer
      • Form Builder
      • Form Embedding
      • Form Evaluations
      • Form Templates
      • Custom Components
      • Translations
    • JavaScript Development
      • JavaScript SDK
      • JavaScript Frameworks
      • JavaScript Utilities
    • Authentication and Authorization
      • SAML
      • OAuth
      • LDAP
      • Resource Based Authentication
      • Email Authentication
      • Two-Factor Authentication
    • Roles and Permissions
      • Field Match-Based Access
      • Field-Based Resource Access
      • Group Permissions
    • Integrations
      • Email Integrations
      • File Storage
      • Google Developer Console
      • eSign Integrations
      • Relational Databases
    • Modules
    • Fetch Plugin API
    • CSS Frameworks
    • Offline Mode
    • Audit Logging
  • Deployments
    • Self-Hosted Deployment
      • Local Deployment
        • Local File Storage
      • Kubernetes
      • Cloud Deployment
        • AWS Deployment
          • AWS Lambda
          • Form.io/AWS Elastic Beanstalk End-To-End Encrypted Deployment
        • Azure Deployment
          • Azure App Service
            • Azure MSSQL Connector - Deprecated
          • Azure Virtual Machine
          • Azure Kubernetes Service
          • Set up the DB
        • GCP Deployment
          • GCP Cloud Run
      • On-Premise Deployment
      • Enterprise Server
      • PDF Server
    • Deployment Configurations
      • DNS Configuration
      • Load Balancer Configuration
    • Licenses
      • License Management
      • Library Licenses
    • Portal Base Project
      • Portal SSO
      • Portal Translations
    • Maintenance and Migration
      • Changes to Premium Libraries
  • FAQ
    • FAQ
    • Tutorials & Workflows
      • Password Reset
      • Dynamic Select Filtering
      • Approval Workflow
      • SSO Email Token
      • Embedding A Video
      • Data Source Validation
      • Select Data Source Options
      • Nested Form Workflows
        • Nested Wizard Forms
      • Save as Draft
      • Role-Based Conditions
      • Custom Component
      • Dynamic Radio and Select Box Values
      • Override CKEDITOR
    • Errors
    • Examples
    • License Utilization Checks
    • Glossary of Key Concepts
  • Contact Us
Powered by GitBook
On this page
  • Setup
  • Test Configurations
  • Project Configuration
  • LDAP Login Form
  • LDAP Login Form Access
  • LDAP Login Action
  • Assign Roles
  • Testing LDAP Login

Was this helpful?

  1. Developer Guide
  2. Authentication and Authorization

LDAP

LDAP Authentication integration provides the ability to authenticate your users directly against an LDAP service such as OpenLDAP or Active Directory.

LDAP Users are not imported into Form.io as Resources and exist only externally in LDAP. They still get assigned Form.io roles and can have ownership over forms and submissions.

Setup

To start using LDAP for your authentication, you will need the following parameters from your LDAP provider.

Setting

Description

Server URL

LDAP server URL, eg. ldaps://ldap.example.org:663

Bind DN

Admin connection DN, e.g. uid=myapp,ou=users,dc=example,dc=org.

Bind Password

Password for bindDN.

Search Base

The base DN from which to search for users by username. E.g. ou=users,dc=example,dc=org

Search Filter

LDAP search filter with which to find a user by username, e.g. (uid={{username}}). Use the literal {{username}} to have the given username interpolated in for the LDAP search.

Test Configurations

If you wish to simply test the LDAP functionality, you can use the following parameters:

  • Server URL: ldap://ldap.forumsys.com:389

  • Bind DN: cn=read-only-admin,dc=example,dc=com

  • Bind Password: password

  • Search Base: dc=example,dc=com

  • Search Filter: (uid={{username}})

With these configurations, you should then be able to use the following login credentials.

  • Username: einstein

  • Password: password

Project Configuration

Once you have these configurations, you can setup LDAP within your Project Settings like so.

By default Form.io uses email addresses to login in users so using the email attribute in the search filter is recommended unless you change the User Login form to match the search filter. For example (mail={{username}})

LDAP user accounts are created and managed outside of the Form.io environment. Users attempting to view their account information from the Portal UI will receive an Error since Form.io does not manage this information. Create and manage LDAP accounts from the LDAP service provider or contact your system administrator.

Click Save Project Settings once you have these values set.

LDAP Login Form

Next, we will create a new form that will be used to Login to LDAP. We can do this by clicking on New Form, and then building it as follows.

Click Create Form button to create the new form.

LDAP Login Form Access

You will now need to ensure that Anonymous users are able to "submit" this form, which will execute the actions assigned to the form. You can do this by clicking on the Access settings and adding the Anonymous role to the Create Own permission.

LDAP Login Action

Next, we will navigate to the Actions section of our form and first Remove the Save Submission Action.

After we have done, that we will add the LDAP Login action as follows.

Within the LDAP Login Action, you will then configure the following parameters.

If you choose the Passthrough option, any failures except for a failure to Bind the user account, will be ignored and the login information will be passed to the next form action. This allows using both LDAP and the Form.io Login action on the same form.

Assign Roles

Next map any LDAP properties to user roles. Select the property, the matching value and the role to assign it true. Leave LDAP Property and Value blank to assign the role to all LDAP accounts.

For example:

  • LDAP Property: group

  • Value: Admins

  • Role: Admin

Would assign the Admin role to any members of the Admins group.

The user’s DN is also mapped to the list of properties so if the DN is dn=myname,ou=admins,dc=example,dc=org you can do:

  • LDAP Property: ou

  • Value: admins

  • Role: Admin

After you have the Login action set, you can save this action to add this to the form.

Testing LDAP Login

If you provided the Test Credentials at the top of the page, then you should be able to perform the following API request within Postman to perform and test out an LDAP login.

Here you will see that the Authenticated role has been assigned to the user object.

PreviousOAuthNextResource Based Authentication

Last updated 1 month ago

Was this helpful?