LDAP Examples
After exploring the comprehensive LDAP settings in Rocket.Chat, it's beneficial to examine practical examples of these configurations. These example values provide a clearer understanding of how to apply LDAP settings in real-world scenarios.
Connection
Server Type = Active Directory
Host = adfs.support.rocket.chat
Port = 389
Authentication
User DN = CN=Administrator,CN=Users,DC=support,DC=rocket,DC=chat
Password = ADFSpassword
Search Filter
Base DN = OU=Tech,DC=support,DC=rocket,DC=chat
Filter = (objectclass=*)
Scope = sub
Search Field = sAMAccountName
Search Page Size = 25
Search Size Limit = 100
Replace the values above with your respective environment.
Log in with a username
LDAP_Enable = True
LDAP_DN = dc=domain,dc=com
LDAP_Host = ldap://ldapserver
LDAP_Port = 389
LDAP_Bind_Search = {"filter": "(&(objectCategory=person)(objectclass=user)(memberOf=CN=ROCKET_ACCESS,CN=Users,DC=domain,DC=com)(sAMAccountName=#{username}))", "scope": "sub", "userDN": "[email protected]", "password": "urpass"}
If you need to authenticate users who belong to nested subgroups of the access group, use this filter instead. The matching-rule OID 1.2.840.113556.1.4.1941 (LDAP_MATCHING_RULE_IN_CHAIN) makes Active Directory evaluate memberOf transitively, so members of groups nested under CN=ROCKET_ACCESS also match:
LDAP_Bind_Search = {"filter": "(&(objectCategory=person)(objectclass=user)(memberOf:1.2.840.113556.1.4.1941:=CN=ROCKET_ACCESS,CN=Users,DC=domain,DC=com)(sAMAccountName=#{username}))", "scope": "sub", "userDN": "[email protected]", "password": "urpass"}
Log in with an email address
LDAP_Enable = True
LDAP_Dn = dc=domain,dc=com
LDAP_Url = ldap://ldapserver
LDAP_Port = 389
LDAP_Bind_Search = {"filter": "(&(objectCategory=person)(objectclass=user)(memberOf=CN=ROCKET_ACCESS,CN=Users,DC=domain,DC=com)(mail=#{username}))", "scope": "sub", "userDN": "[email protected]", "password": "urpass"}
Log in with either an email address or username
LDAP_Enable = True
LDAP_Dn = dc=domain,dc=com
LDAP_Url = ldap://ldapserver
LDAP_Port = 389
LDAP_Bind_Search = {"filter": "(&(objectCategory=person)(objectclass=user)(memberOf=CN=ROCKET_ACCESS,CN=Users,DC=domain,DC=com)(|(mail=#{username})(sAMAccountName=#{username})))", "scope": "sub", "userDN": "[email protected]", "password": "urpass"}
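As an added example (not Rocket.Chat's own code), the following Python shows how a login name should be inserted into the #{username} placeholder of the "email address or username" filter above: each value is escaped as RFC 4515 requires, so filter metacharacters in the input are matched literally instead of altering the query.

```python
# Added example, not Rocket.Chat code: safe substitution of a login name into
# the #{username} placeholder of an LDAP_Bind_Search filter.

# LDAP_Bind_Search filter from this page, with its #{username} placeholder.
FILTER_TEMPLATE = (
    "(&(objectCategory=person)(objectclass=user)"
    "(memberOf=CN=ROCKET_ACCESS,CN=Users,DC=domain,DC=com)"
    "(|(mail=#{username})(sAMAccountName=#{username})))"
)

# RFC 4515 section 3: these characters must be hex-escaped inside an
# assertion value so they are matched literally.
_ESCAPES = {
    "\\": "\\5c",
    "*": "\\2a",
    "(": "\\28",
    ")": "\\29",
    "\x00": "\\00",
}


def escape_filter_value(value: str) -> str:
    """Escape one assertion value for use inside an LDAP search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter(template: str, username: str) -> str:
    """Fill every #{username} placeholder with the escaped login name."""
    return template.replace("#{username}", escape_filter_value(username))


if __name__ == "__main__":
    # Ordinary names pass through unchanged.
    print(build_filter(FILTER_TEMPLATE, "alice"))
    # Wildcards and parentheses in the input stay part of the literal value,
    # so the group restriction in the filter cannot be bypassed.
    print(build_filter(FILTER_TEMPLATE, "*)(cn=*"))
```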
LDAP SSL connection
When you enable LDAP, the login form will log in users via LDAP instead of the internal account system.
Here, we are using Stunnel to create a secure connection to the LDAP server. Create a new configuration file /etc/stunnel/ldaps.conf with the following content:
options = NO_SSLv2
[ldaps]
client = yes
accept = 389
connect = your_ldap_server.com:636
To enable Stunnel automatic startup, change the ENABLED variable in /etc/default/stunnel4 to 1:
# Change to one to enable stunnel automatic startup
ENABLED=1
Finally, on the Rocket.Chat server under /admin/LDAP set these values:
LDAP host = localhost
LDAP port = 389
By tailoring these settings to your specific environment, you can ensure a secure, efficient, and user-friendly experience. As we conclude this section, remember that these examples serve as a guide, and it's crucial to adapt them to the unique requirements of your workspace.
This concludes the LDAP configuration section, which provides the various connection and user management settings in Rocket.Chat.