Possible to enable LDAP authentication, but only if a LK account is created?: /home/Support/LabKey Support Forum

Possible to enable LDAP authentication, but only if a LK account is created?

LabKey Support Forum (Inactive)

View Message

Possible to enable LDAP authentication, but only if a LK account is created?

Ben Bimber

2017-10-13 12:34

Status: Closed

We have a site where users need to register. For convenience, I'd like to connect this to our institution's LDAP server, since a good portion of users will come from there. However, when I do this any valid LDAP account can immediately log on, at least to the level of what 'All Sites Users' can view. This is presumably because as soon as someone logs in with a valid LDAP account, a LabKey user is created.

Is there any way to get behavior such that LDAP will be used for authentication, but only if there was an account created on the LK side (i.e. dont auto-create from LDAP)?

Thanks for any help.

Ben Bimber responded:	2017-10-13 12:38
i always seem to see the right thing immediately after posting. i think the "Auto-create authenticated users" on site admin -> authentication controls this.

jeckels responded:	2017-10-13 12:39
Yes, that setting should let you control this. Thanks, Josh

Jon (LabKey DevOps) responded:	2017-10-13 12:42
Hi Ben, There is a new switch now that allows one to disable the ability to "Auto-create authenticated users" if LDAP is turned on. I can't remember when this was introduced though in the Authentication config section though. Do you see this in the Authentication section of the Admin Console? (See attached) Regards, Jon
Authentication.png

Jon (LabKey DevOps) responded:	2017-10-13 12:43
Disregard my comment. I see you found it already. :-)