When the user selects the LDAP button we call the LDAP backend to fetch data and check the password.
Is this what you are looking for or do you want to have a scheduled sync?
-
Yes, like you explained in 1. LDAP integration should be like in Keycloak: Or Authelia: Or Authentik:
Regarding number 2, if LDAP doesn't provide fields, missing fields should be merged from fields that Zitadel provides.
-
I'll second this proposal as it's currently a blocker for us adopting Zitadel. I'll share our perspective and use case. From our perspective, using LDAP as a source of user information is an internal detail and not one that needs to be exposed to the end-users. We use LDAP internally for employees but want a standalone identity provider for external users to the web apps that we build and don't want to mix the two sources. We are looking for an SSO portal that both internal employees and external users can use without either of them knowing where the source of their data is (i.e. same UX for both). We would hope that the SSO allows both categories of users to reset their password (with some basic attribute synchronization back to the LDAP source for internal employees).
-
Is it planned to integrate LDAP in the backend? This means Zitadel reads the user's information and group membership that exist in the LDAP server, checks the password against an LDAP server, and combines user information from LDAP with Zitadel's additional fields that don't exist in LDAP.
For now, LDAP is just an external identity provider. Users see an additional "LDAP" button:
Thank you.