
Best practices for setting up an AD LDAP directory

Editions: VIMP Corporate
Versions: 2.5.0+


To set up an LDAP directory with AD, we recommend the following procedure:

First, create a separate Organizational Unit (OU) within the LDAP directory for the VIMP groups, containing only VIMP LDAP groups. Next, set the value of LDAP base group (ldap_base_group) to this OU. The form for assigning LDAP groups to VIMP roles in the VIMP backend will then show only those groups, e.g.:

ou=vimp,dc=subdomain,dc=domain,dc=tld


To prevent every user in the LDAP directory from being able to sign in to VIMP, we recommend creating a new LDAP group and assigning the users to it. By setting the value of LDAP user filter (ldap_user_filter) accordingly, only users of this group will be found, e.g.:

(&(objectClass=user)(memberOf=cn=vimpusers,ou=vimp,dc=subdomain,dc=domain,dc=tld))


You can also assign existing groups of the OU to VIMP roles. This saves you one additional role, but in this case the value of LDAP user filter (ldap_user_filter) has to be adapted to cover those groups, e.g.:

(&(objectClass=user)(|(memberOf=cn=vimpadmins,ou=vimp,dc=subdomain,dc=domain,dc=tld)(memberOf=cn=vimpmods,ou=vimp,dc=subdomain,dc=domain,dc=tld)(memberOf=cn=vimpusers,ou=vimp,dc=subdomain,dc=domain,dc=tld)))
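
The two filters above can be generated rather than typed by hand. The following is an added example, not VIMP's own code: the function and parameter names are hypothetical, and it assumes VIMP passes the filter to AD unchanged. It goes beyond the page in two optional ways: a plain memberOf test matches direct group members only, so nested=True switches to AD's in-chain matching rule, and skip_disabled=True excludes disabled accounts.

```python
# Added example: builds an ldap_user_filter value like the ones shown above.
# Function and parameter names are hypothetical; the DNs are the page's samples.

# RFC 4515 requires these characters to be escaped inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# AD matching rule OIDs (Microsoft-defined).
IN_CHAIN = "1.2.840.113556.1.4.1941"  # LDAP_MATCHING_RULE_IN_CHAIN: nested groups
BIT_AND = "1.2.840.113556.1.4.803"    # LDAP_MATCHING_RULE_BIT_AND


def escape_value(value: str) -> str:
    """Escape a value for safe use inside an LDAP search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(group_dns, nested=False, skip_disabled=False):
    """Return a filter matching AD users who belong to any of group_dns."""
    if not group_dns:
        # Without a group clause the filter would match every user in the directory.
        raise ValueError("at least one group DN is required")
    attr = f"memberOf:{IN_CHAIN}:" if nested else "memberOf"
    members = [f"({attr}={escape_value(dn)})" for dn in group_dns]
    # A single group needs no (|...) wrapper, matching the first filter above.
    group_part = members[0] if len(members) == 1 else "(|" + "".join(members) + ")"
    parts = ["(objectClass=user)", group_part]
    if skip_disabled:
        # userAccountControl bit 2 (ACCOUNTDISABLE) set means the account is disabled.
        parts.append(f"(!(userAccountControl:{BIT_AND}:=2))")
    return "(&" + "".join(parts) + ")"


BASE = "ou=vimp,dc=subdomain,dc=domain,dc=tld"  # sample base DN from the page

if __name__ == "__main__":
    print(build_user_filter([f"cn=vimpusers,{BASE}"]))
    print(build_user_filter([f"cn={g},{BASE}" for g in ("vimpadmins", "vimpmods", "vimpusers")]))
    print(build_user_filter([f"cn=vimpusers,{BASE}"], nested=True, skip_disabled=True))
```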


© VIMP GmbH