
Authenticate Using Active Directory

To set up your CodiMD instance with Active Directory, set the following variables:

CMD_LDAP_URL=ldap://internal.example.com
CMD_LDAP_BINDDN=cn=binduser,cn=Users,dc=internal,dc=example,dc=com
CMD_LDAP_BINDCREDENTIALS=<super secret password>
CMD_LDAP_SEARCHBASE=dc=internal,dc=example,dc=com
CMD_LDAP_SEARCHFILTER=(&(objectcategory=person)(objectclass=user)(|(sAMAccountName={{username}})(mail={{username}})))
CMD_LDAP_USERIDFIELD=sAMAccountName
CMD_LDAP_PROVIDERNAME=Example Inc AD

Notes

  • CMD_LDAP_BINDDN is either the distinguishedName or the userPrincipalName.

  • You will see the error "username/password is invalid" if CMD_LDAP_BINDDN or CMD_LDAP_BINDCREDENTIALS is incorrect.

  • CMD_LDAP_SEARCHFILTER searches all users and matches on either the email address or the sAMAccountName (usually the login name used to log in to Windows).

  • CMD_LDAP_SEARCHFILTER should be in this format: (&(objectcategory=person)(objectclass=user)(|(sAMAccountName={{username}})(mail={{username}})))

  • CMD_LDAP_USERIDFIELD names the attribute used as the unique identifier for the account itself; here that is sAMAccountName.

  • CMD_LDAP_PROVIDERNAME is just the name on the login page above the username and password field.
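
The following added example (not CodiMD or passport-ldapauth code) shows how the {{username}} placeholder in CMD_LDAP_SEARCHFILTER expands for a login name, and checks the variables listed above before the instance is started. The helper names escapeFilterValue, renderSearchFilter, parensBalanced and checkLdapEnv are hypothetical, and the RFC 4515 escaping is an assumption about how a login name should be treated, not a statement of what the library does.

```javascript
// Variables this page lists for the Active Directory setup.
const LISTED_VARS = [
  'CMD_LDAP_URL', 'CMD_LDAP_BINDDN', 'CMD_LDAP_BINDCREDENTIALS',
  'CMD_LDAP_SEARCHBASE', 'CMD_LDAP_SEARCHFILTER',
  'CMD_LDAP_USERIDFIELD', 'CMD_LDAP_PROVIDERNAME',
];

// Escape a value for an LDAP search filter (RFC 4515): \ * ( ) and NUL
// become a backslash followed by two hex digits.
function escapeFilterValue(value) {
  return String(value).replace(/[\\*()\0]/g, (ch) =>
    '\\' + ch.charCodeAt(0).toString(16).padStart(2, '0'));
}

// Expand every {{username}} placeholder with the escaped login name.
function renderSearchFilter(template, username) {
  const escaped = escapeFilterValue(username);
  return template.replace(/\{\{username\}\}/g, () => escaped);
}

// True when every "(" in the filter has a matching ")".
function parensBalanced(filter) {
  let depth = 0;
  for (const ch of filter) {
    if (ch === '(') depth += 1;
    if (ch === ')') depth -= 1;
    if (depth < 0) return false;
  }
  return depth === 0;
}

// Return a list of problems found in an env-style object (hypothetical helper).
function checkLdapEnv(env) {
  const problems = LISTED_VARS.filter((n) => !env[n]).map((n) => `${n} is not set`);
  const filter = env.CMD_LDAP_SEARCHFILTER || '';
  if (filter && !filter.includes('{{username}}')) {
    problems.push('CMD_LDAP_SEARCHFILTER has no {{username}} placeholder');
  }
  if (filter && !parensBalanced(filter)) {
    problems.push('CMD_LDAP_SEARCHFILTER has unbalanced parentheses');
  }
  return problems;
}

// Constructed sample: the filter from this page and a made-up login name.
const PAGE_FILTER = '(&(objectcategory=person)(objectclass=user)' +
  '(|(sAMAccountName={{username}})(mail={{username}})))';
console.log(renderSearchFilter(PAGE_FILTER, 'j.doe*(ext)'));
```

Run checkLdapEnv(process.env) in the same environment CodiMD starts from; an empty list means every listed variable is set and the filter is structurally sound.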

Reference

More details and example: https://www.npmjs.com/package/passport-ldapauth


tags: CodiMD Docs