Setting up LDAP

February 7, 2024

The Lightweight Directory Access Protocol (LDAP) is a directory protocol that many small and medium-sized organizations use as a centralized authentication and access-control backend.

By configuring the LDAP service, you can log in to your BizCentric account using LDAP credentials.

1. Prerequisites

Before LDAP can be used, the ldap3 Python module must be installed. Follow these steps:

  1. Open a terminal session on the server hosting your BizCentric instance.
  2. Navigate to the bizcentric-bench directory.
  3. Execute the command: ./env/pip install ldap3

Once this installation is complete, you can proceed to enable the LDAP service in BizCentric.

2. Setting up LDAP

To set up LDAP, go to

Home > Integrations > LDAP Settings

Several parameters are mandatory for BizCentric to connect to LDAP. They are:

  • LDAP Server URL: This denotes the URL to your LDAP server and must adhere to the format ldap://yourserver:port or ldaps://yourserver:port.
  • Base Distinguished Name (DN): The distinguished name of the account BizCentric binds as in order to retrieve user details from your LDAP server. It should be an account with read-only permissions.
  • Password for Base DN: This refers to the password associated with the user mentioned above, utilized for retrieving user details from your LDAP server.
  • Organization Unit of Users: This pertains to the DN of the Organizational Unit that all users in your LDAP server must belong to in order to log into BizCentric.
  • Default Role on Creation: Upon user creation in BizCentric, this default role will be assigned to them upon their initial login.
  • LDAP Search String: The filter BizCentric uses to match the username or email entered on the login screen against the LDAP server. Use whichever attribute users will log in with (email address or username); the value must follow the format LDAPFIELD={0}, where {0} is replaced by the login value.
    • Example for Active Directory username: sAMAccountName={0}
    • Example for OpenLDAP username: uid={0}
  • LDAP Email Field: The LDAP attribute containing the user’s email address.
    • Example for Active Directory and OpenLDAP: mail
  • LDAP Username Field: The LDAP attribute containing the user’s username.
    • Example for Active Directory: sAMAccountName
    • Example for OpenLDAP: uid
  • LDAP First Name Field: The LDAP attribute containing the user’s first name.
    • Example for Active Directory: givenName
    • Example for OpenLDAP: sn

There are many other non-mandatory fields that you can use to map your LDAP user fields to the BizCentric user fields. They are:

  • Middle Name
  • Phone
  • Mobile

Once you have checked that your settings are accurate, select the ‘Enabled’ checkbox at the top. When you enable LDAP, BizCentric attempts to connect to the LDAP server to verify the settings. If that connection attempt fails, LDAP cannot be enabled and an error message is displayed.

The error message will specify the issue that needs to be addressed before proceeding.

Once LDAP is enabled, the system will present the ‘Login Via LDAP’ option on the login screen.

2.1 LDAP Security

In the LDAP Security section, you have several options for connecting securely to your LDAP server.

  • SSL/TLS Mode

    Specifies whether you want to start a TLS session on initial connection to the LDAP server.

  • Require Trusted Certificate

    Indicates whether a trusted certificate is necessary for connecting to the LDAP server.

    If a trusted certificate is required, you must provide the paths to your certificate files. These files should be located on your BizCentric server, and the following fields should contain absolute paths to the files on your server:

    • Path to private Key File
    • Path to Server Certificate
    • Path to CA Certs File

2.2 LDAP Group Mappings

BizCentric offers the functionality to automatically assign various LDAP groups to corresponding BizCentric roles. For instance, you might wish for all Accounting employees to be automatically assigned the Accounts User Role.

To enable this feature, ensure that you provide information in the LDAP Group Field. This field corresponds to the LDAP attribute found on a user object in LDAP, containing all the groups the user belongs to.

For Active Directory and OpenLDAP, this field should typically be set to ‘memberOf’. Note, however, that on OpenLDAP this attribute may first have to be enabled on the LDAP server itself. Additional examples and details can be found online.

Note that the mapped roles are re-evaluated every time a user logs on: roles are added to or removed from the user’s permissions to match the LDAP groups the user currently belongs to.

Within the LDAP Settings section, you’ll encounter two dropdown menus.

  1. SSL/TLS Mode: Choose ‘StartTLS’ to establish a connection to your LDAP server using StartTLS. If your LDAP server doesn’t support StartTLS, selecting this option will trigger an error indicating that StartTLS is not supported. In such a case, review the configuration on your LDAP server to address this issue.
  2. Require Trusted Certificate: By switching this to ‘Yes’, the certificate provided by the LDAP server must be trusted by the BizCentric server. If you prefer to utilize StartTLS with a self-signed (untrusted) certificate, set this option to ‘No’. Note that if you’re not using StartTLS, this setting becomes irrelevant.
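The connection check described in the parameter list above and in the LDAP Security settings (bind as the Base DN, StartTLS and the trusted-certificate paths, then look the login up under the users OU with the search string), written as an added example with the ldap3 module. This is not BizCentric's own code: the host, DNs, password and attribute names are placeholders, and the RFC 4515 escaping of the login value before it replaces {0} is an assumption about how the search string should be filled from login-form input.

```python
import ssl

# RFC 4515 escaping for the value that replaces '{0}': the login name comes
# from the login form, so it must not be spliced into the filter verbatim.
_FILTER_ESCAPES = {'\\': r'\5c', '*': r'\2a', '(': r'\28', ')': r'\29', '\x00': r'\00'}

def escape_filter_value(value):
    return ''.join(_FILTER_ESCAPES.get(ch, ch) for ch in value)

def build_user_filter(search_string, login):
    """Fill the 'LDAPFIELD={0}' template from LDAP Settings, e.g. 'uid={0}'."""
    if '{0}' not in search_string:
        raise ValueError('LDAP Search String must contain {0}')
    flt = search_string.replace('{0}', escape_filter_value(login))
    return flt if flt.startswith('(') else '(' + flt + ')'

def tls_kwargs(server_url, tls_mode, require_trusted,
               key_file=None, cert_file=None, ca_certs_file=None):
    """LDAP Security fields -> ldap3.Tls() kwargs; None for plain ldap:// without
    StartTLS, where (as the page notes) 'Require Trusted Certificate' has no effect."""
    if tls_mode != 'StartTLS' and not server_url.startswith('ldaps://'):
        return None
    kw = {'validate': ssl.CERT_REQUIRED if require_trusted else ssl.CERT_NONE}
    if require_trusted:  # the three absolute paths from section 2.1
        kw.update(local_private_key_file=key_file, local_certificate_file=cert_file,
                  ca_certs_file=ca_certs_file)
    return kw

def check_ldap_settings(server_url, base_dn, password, users_ou, search_string, login,
                        fields, tls_mode='StartTLS', require_trusted=True, **paths):
    """Bind as the Base DN, find the login under the users OU, return mapped attributes."""
    import ldap3  # installed with ./env/pip install ldap3 (section 1)
    tls = tls_kwargs(server_url, tls_mode, require_trusted, **paths)
    server = ldap3.Server(server_url, tls=ldap3.Tls(**tls) if tls else None)
    conn = ldap3.Connection(server, user=base_dn, password=password,
                            read_only=True, raise_exceptions=True)
    conn.open()
    if tls_mode == 'StartTLS':
        conn.start_tls()  # LDAPStartTLSError if the server does not support StartTLS
    conn.bind()           # LDAPBindError on a wrong Base DN or password
    conn.search(users_ou, build_user_filter(search_string, login),
                attributes=list(fields.values()))
    if len(conn.entries) != 1:
        raise LookupError(f'expected one user entry, got {len(conn.entries)}')
    return {name: conn.entries[0][attr].value for name, attr in fields.items()}

if __name__ == '__main__':  # placeholder host, DNs and password: point at a test directory
    print(check_ldap_settings('ldap://ldap.example.test:389', 'cn=readonly,dc=example,dc=test',
          'PLACEHOLDER', 'ou=people,dc=example,dc=test', 'uid={0}', 'jdoe',
          {'email': 'mail', 'username': 'uid', 'first_name': 'givenName'}))
```

The mapping passed as fields uses the same attribute names as the examples above (mail, uid, givenName); with Require Trusted Certificate set to ‘No’ the TLS session is still encrypted but the server certificate is not verified.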