public-backup/ToolJet
1
0
Fork 0
mirror of https://github.com/ToolJet/ToolJet.git synced 2025-12-05 19:07:59 -06:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #14157 from ToolJet/docs/ldap-ou-sso

Browse Source 
[docs]: LDAP Multi OU
This commit is contained in:
Adish M
2025-09-24 14:13:49 +05:30
committed by GitHub
parent 8440a41b4b e3436d75a1
commit 402b9d1d20
2 changed files with 26 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
docs/versioned_docs/version-3.16.0-LTS/user-management/sso/ldap.md
View File

@@ -41,3 +41,26 @@ Role Required: **Admin** <br/>
During the first login, ToolJet performs additional checks. It verifies the user groups in the LDAP server, and if the corresponding group exists in the ToolJet workspace, the user will be automatically added to that group. Additionally, ToolJet also looks for the user's profile picture in the LDAP server and updates the ToolJet account accordingly.
:::
## Support for Multiple Organizational Units
ToolJets LDAP SSO implementation supports authentication across multiple Organizational Units (OUs). This allows ToolJet to search across multiple base Distinguished Names (DNs) to locate and authenticate users, making it easier to support complex directory structures.
### How to Enable Multi-OU Support
To enable support for multiple OUs, admins can configure a list of base DNs using an environment variable. ToolJet will attempt to authenticate users against each base DN in the order they are defined.
**Environment Variable**
Set the `TOOLJET_LDAP_BASE_DNS__<workspace_slug>` environment variable with a JSON array of base DNs. Make sure to update your workspace slug in place of `<workspace_slug>`.
Example:
```javascript
TOOLJET_LDAP_BASE_DNS__nexus_corps='["ou=team1,dc=company,dc=com","ou=team2,dc=company,dc=com"]'
```
ToolJet will iterate through the provided list during login attempts, checking each base DN until a matching user is found or all options are exhausted.
**Notes**
- If `TOOLJET_LDAP_BASE_DNS__<workspace_slug>` is not set, ToolJet will default to the single OU behavior to maintain backward compatibility.
- The order of base DNs matters—authentication will follow the sequence defined in the array.

6
docs/versioned_docs/version-3.5.0-LTS/user-management/sso/ldap.md
View File

@@ -42,16 +42,16 @@ ToolJets LDAP SSO implementation supports authentication across multiple Orga
To enable support for multiple OUs, admins can configure a list of base DNs using an environment variable. ToolJet will attempt to authenticate users against each base DN in the order they are defined.
**Environment Variable**
Set the `TOOLJET_LDAP_BASE_DNS__<workspace-slug>` environment variable with a JSON array of base DNs. Make sure to update your workspace slug in place of `<workspace-slug>`.
Set the `TOOLJET_LDAP_BASE_DNS__<workspace_slug>` environment variable with a JSON array of base DNs. Make sure to update your workspace slug in place of `<workspace_slug>`.
Example:
```javascript
TOOLJET_LDAP_BASE_DNS__nexus-corps='["ou=team1,dc=company,dc=com","ou=team2,dc=company,dc=com"]'
TOOLJET_LDAP_BASE_DNS__nexus_corps='["ou=team1,dc=company,dc=com","ou=team2,dc=company,dc=com"]'
```
ToolJet will iterate through the provided list during login attempts, checking each base DN until a matching user is found or all options are exhausted.
**Notes**
- If `TOOLJET_LDAP_BASE_DNS__<workspace-slug>` is not set, ToolJet will default to the single OU behavior to maintain backward compatibility.
- If `TOOLJET_LDAP_BASE_DNS__<workspace_slug>` is not set, ToolJet will default to the single OU behavior to maintain backward compatibility.
- The order of base DNs matters—authentication will follow the sequence defined in the array.