LogoLogo
Packmind CloudChangelogGet supportJoin Slack
  • 👋Welcome!
  • 🪐Manage spaces
  • 🔐Security and data
  • 🐞Troubleshooting guides
  • 🚀First steps
    • Enable and configure AI
    • Connect your Git platform
  • 📥Capture your coding practices
    • How to create coding practices
    • Review practices in the Inbox
  • 🔍Enforce practices in your code
    • Setup practices detection with the AI Agent
    • Packmind CLI
      • Run with NPM
      • Run with Docker
      • SonarQube Integration
      • Run in Gitlab CI
  • Coding Assistants Integration
  • 👩‍💻Plugins & Integrations
    • IDE Plugins
      • 🚀Packmind's IDE plugins use cases
      • Visual Studio Code
      • Visual Studio
      • JetBrains IDEs
      • Eclipse
      • Xcode
      • Packmind Tech Coach
    • 🔔Get notifications
  • 📖Best practices management
    • Manage your practices
      • Import, copy and export practices
      • Use categories to organize your practices
      • Manage duplications of practices
      • Move all practices from a space to another space
      • Styling with Markdown
      • Multi-file examples on coding practices
    • 📰Scheduler to push practices
  • ↔️API Reference
    • Authentication
    • Documentation
  • ⚙️Account & Settings
    • 👩‍💼Manage users
    • 💵Subscription and Billing
    • 🔓Single Sign-On (SSO) in Packmind
      • Enable SSO for Packmind Cloud
      • Enable SSO for Packmind Self-Hosted
  • 🏠On-Premise version
    • Release notes - Self-Hosted versions
    • Install the Self-Hosted version
      • Migrate from a legacy setup (Mongo 2.x)
    • Connect a SMTP server
    • Authentication
      • Authentication with OpenLDAP
      • Authentication by SSO
      • Authentication with Active Directory
Powered by GitBook
On this page
  • Configure through environment variables
  • Configure through the Web UI

Was this helpful?

  1. On-Premise version
  2. Authentication

Authentication with OpenLDAP

PreviousAuthenticationNextAuthentication by SSO

Last updated 1 year ago

Was this helpful?

Configure through environment variables

For a configuration by environment variables, go to .

Here is an example of configuration with a docker-compose.yml:

version: '3'

services:
  Packmind:
    image: promyze/promyze:latest
    ports:
      - "3001:3001"
    environment:
      - MONGO_URI=mongodb://mongodb:27017/promyze
      - THEMIS_AUTH_SERVICE=open-ldap
      - THEMIS_AUTH_CONFIG_HOSTNAME=openldap.company.com
      - THEMIS_AUTH_CONFIG_PORT=389 #or 689 is secured
      - THEMIS_AUTH_CONFIG_SECURE=false
      - THEMIS_AUTH_CONFIG_ADMIN_DN=cn=admin,dc=openldap,dc=company,dc=com
      - THEMIS_AUTH_CONFIG_ADMIN_PASSWORD=password
      - THEMIS_AUTH_CONFIG_SEARCH_BASE=ou=users,dc=openldap,dc=promyze,dc=com
      #- THEMIS_AUTH_CONFIG_CA=/data/rootCA.pem if needed, but should be mapped into volumes
      #- THEMIS_AUTH_CONFIG_CERT=/data/openldaplts.pem
    volumes:
      - ./logs:/data/log
  mongodb:
    image: mongo:4.4
    volumes:
      - ./db:/data/db

Configure through the Web UI

The procedure describes below is only with an Administrator account.

Go in the Administration > Authentication part.

In that page, select OpenLDAP as way of authentication.

Then fill the fields of the form:

  • Hostname: address of the serveur on which is the OpenLDAP service.

  • Port: port on which is the OpenLDAP service.

  • Secured server: if that option is selected, ldaps will be used in place of ldap.

  • Root username: User DN used to sign in to the OpenLDAP server.

  • Root passeword: the password used to sign in to the OpenLDAP service.

  • User search root DN: The root node in OpenLDAP used to search users. Example: cn=users,dc=example,dc=com".

  • Search filter: (Optional) Used to filter users during search. Default: '(uid={{username}})' where username corresponds to the identified user.

  • OpenLDAP displayName attribute: User attribute used as the user displayName in Themis.

  • OpenLDAP mail attribute: User attribute used as the user mail in Themis.

  • Group search root DN: (optional) the root DN of the group that is allowed to sign in to Themis, if that parameter is left empty, all groups are allowed to sign in to Themis.

  • Group search filter: (optional) User to filter group members. Default: '(member={{dn}})'.

Once these information informed, click on Save. That action will disconnect you.

You have to restart Packmind so that the change would be effective.

The connection to Themis will then go through your OpenLDAP server:

If for example, an user with the jdoe login already is within Themis (identified by its login) and that that user sign in with its OpenLDAP account that has the same login (jdoe), then he will arrive directly on its existing account.

If rather, a person signs in OpenLDAP but did not have an already saved account in Themis, then a form will appear allowing him to complete its account within Themis:

🏠
this page