Sangfor SCP can integrate with LDAP authentication and import LDAP users into the platform to manage user authentication. LDAP (Lightweight Directory Access Protocol) is a directory access protocol, and an LDAP server is generally used as an authentication server. SCP supports importing users from the LDAP server into SCP and assigning them corresponding roles.
Precautions:
If the LDAP server is disconnected from the SCP or the LDAP server is down, users will not be able to log in on the SCP.
When modifying user information on the LDAP side, it is not recommended to change the login username and email address at the same time. A new user would be created in SCP during the import if both were changed simultaneously.
The username of an imported user cannot be admin or SCP.
Users who do not have email addresses and mobile phone numbers on the LDAP server will have their mobile phone numbers and email addresses randomly generated on the SCP after being imported.
Prerequisite
If the operating system of the LDAP server is Windows, Windows Server 2012 is supported.
If the operating system of the LDAP server is Linux, it must support OpenLDAP.
Steps:
LDAP Authentication
Log in to the SCP platform, navigate to Resources > Management > System, and click Authentication to enter the configuration page.
Configure the Server Name, IP Address, Port, Distinguished Name (DN), and Admin Password, as shown in the figure below.
After the configuration is complete, click Test Connectivity to verify the configuration. Finally, click Save to save the configuration.
Navigate to Users and Access Management > Users > Other Users, click Import, select Import LDAP Users, and configure the Upon Conflict setting. Click OK to import the users.
After completing the import, select the corresponding users, click Assign Role, and configure the corresponding role. An imported user can be assigned the tenant or tenant user role.
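The precautions above can be checked against the directory before clicking Import. The following Python script is an added example, not part of Sangfor's documentation or tooling: it parses an LDIF export and flags usernames SCP does not accept (admin, SCP) and users with no email address or mobile number, whose values SCP would otherwise generate randomly. The attribute names uid, mail and mobile, the case-insensitive name match, and the sample data are assumptions.

```python
import base64

RESERVED = {"admin", "scp"}  # page: username cannot be admin or SCP (case-insensitive match is an assumption)
# Constructed sample export, e.g. what `ldapsearch -LLL` prints; not real data.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,
 dc=example,dc=com
uid: alice
mail:: YWxpY2VAZXhhbXBsZS5jb20=
mobile: +1 555 0100

dn: uid=admin,ou=people,dc=example,dc=com
uid: admin
mail: ops@example.com
mobile: +1 555 0101

dn: uid=bob,ou=people,dc=example,dc=com
uid: bob
"""

def parse_ldif(text):
    """Parse LDIF into [{attr: [values]}], handling folded lines and base64 values."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")  # RFC 2849 folding
    entries = []
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, sep, value = line.partition(":")
            if not sep or line.startswith("#"):
                continue
            if value.startswith(":"):  # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(attr.lower(), []).append(value.strip())
        entries.append(entry)
    return [e for e in entries if e]

def audit(entries, name_attr="uid"):  # name_attr is assumed; AD exports use sAMAccountName
    findings = []
    for e in entries:
        name = e.get(name_attr, ["<no %s>" % name_attr])[0]
        if name.lower() in RESERVED:
            findings.append((name, "reserved username"))
        for attr in ("mail", "mobile"):  # absent values get random ones in SCP
            if not any(e.get(attr, [])):
                findings.append((name, "missing " + attr))
    return findings

if __name__ == "__main__":
    print(audit(parse_ldif(SAMPLE_LDIF)))
```

Fixing the flagged entries on the LDAP side before the import avoids placeholder contact data in SCP.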