LDAP / Active Directory¶
With our LDAP-Integration, you can easily use existing authentication systems without having to update more than one source. Also, e.g. password policies are ensured by your LDAP-Source - Zammad will always contact your LDAP-Server for authentications.
The LDAP-Sync is one way: LDAP => Zammad. Changes to your users inside of Zammad might be overwritten by the LDAP Sync.
To configure LDAP-Integration, simply go to the Admin-Settings -> System -> Integrations -> LDAP. Press “change” and follow the wizard for adding the needed LDAP-Information to Zammad. On the last step Zammad will ask you for your wanted LDAP-Mapping. By default, Zammad only Maps Login, First- and Lastname. Technically you can map any LDAP object to a Zammad User-Object (this also works for Custom Objects!).
On this wizard step, you can also define the wanted LDAP-Group to Zammad-Role mapping.
Please note that nested groups are currently not supported by Zammad.
If needed, you can also change the user filter for your LDAP-Query. The option “Users without assigned LDAP groups” will by default assign the Customer-Role (default sign-up role) to any LDAP-User, that doesn’t match to the above role-mapping. After pressing Continue, Zammad will check if the configuration is okay. You can then enable LDAP and start your first sync. The sync will then run hourly - if you need to change mappings, you can change the configuration at any time.
After the sync has finished, you can find the new LDAP-Users under “Users”. Zammad integrates them just normal users, the difference is the login name.