If LDAP authentication is enabled for a form, only respondents in your LDAP (or Active) Directory can access the form. With this authentication and the LDAP Prefill Connector combined, you can also prefill the form with the authenticated respondent's information. You can also watch our Video Tutorial below for a walkthrough on the setup process.
You'll need the Enterprise Plan, an LDAP service, and a user entry from your LDAP directory.
There are 2 parts to get started.
- You'll need your IT team to open the server to receive requests from the IP of your enterprise instance.
- We need the following code block filled out specific to your company and sent to our support team, then we can update your FormAssembly server with the details.
- Support can also give you your Enterprise IP Address.
// LDAP connection template (skip if LDAP is not used) var $ldap = array( 'datasource' => 'ldap', 'host' => 'localhost', 'port' => 389, 'basedn' => 'o=company', 'login' => 'uid=admin,ou=system', 'password' => 'password', 'version' => 3, 'primaryKey' => 'samaccountname', // use 'samaccountname' for Active Directory, try 'uid' otherwise. 'mapping' => array('email' => 'mail', // Attribute mapping (change the LDAP attribute name if needed) 'first_name' => 'givenname', // DATABASE COL => LDAP Attribute name 'middle_name' => '', 'last_name' => 'sn'), 'opt_referrals' => 0, // leave to 0 unless you're getting a LDAP #10 referral error (then set to 1). 'database' => '' // leave empty );
Enable LDAP Authentication
- Go to the Processing Options page for the form you would like to enable LDAP authentication.
- In the Allows Responses From: section, choose LDAP Authenticated Users.
- Click configure.
Configure LDAP Authentication
1. Set Up an LDAP Connection
An LDAP connection needs to be defined in your Enterprise instance in order for the LDAP authentication to work. If you haven't yet set up an LDAP connection, please contact FormAssembly Support for assistance. If you've successfully configured an LDAP connection to work with your instance, the base dn of your LDAP connection will be displayed in the Authentication Scope section.
2. Set the Authentication Scope of the LDAP Query (Optional)
You can define the scope of the query for an LDAP search by adding a subtree of your base dn to the Authentication Scope field. This will limit the search for entries to a specific subtree of your base dn. Setting the scope may require advanced knowledge of your LDAP service's structure.
Please note, the remaining images and video tutorial are from our legacy interface. If you are in our new, Gemini interface, your setup will look different but the steps you take should be the same. Please contact support if you are running into difficulty.
3. Test Connection
In order to enable attributes and form aliases for the LDAP Prefill Connector, a test connection to an LDAP user entry must be made.
Enter the Username and Password of a user. Click the Test button.
If the test is successful, the Select LDAP Attributes section will display the attributes of that user entry. You'll then be able to use those attributes in the LDAP Prefill Connector.
4. Select LDAP Attributes
Now, to enable an attribute, check the Enabled checkbox for the attribute. The alias for the attribute value is displayed next to the checkbox.
Check the box to enable auto-resume. Authenticated users who save their response will be able to automatically resume their response the next time they log in. (Users who saved more than one response before auto-resume is enabled will still be able to pick which response to resume.)
Or, leave the box unchecked to disable the auto-resume.
When you're done, click the Apply button to save your settings.