Skip to main content
Altcraft Docs LogoAltcraft Docs Logo
User guideDeveloper guideAdmin guide
Company siteHelp center
English
  • Русский
  • English
v72
  • v74
  • v73
  • v72
Login
  • Getting Started
  • Administrator documentation
  • Functional characteristics
  • Technology description
  • System requirements
  • Admin Panel
  • Platform installation
  • Platform configuration
    • Configuration file
    • Domain settings
    • LDAP access configuration
    • Sending Email via SMTP relay
    • Pixel and push domain configuration
    • Cluster and Replication Setup
    • System notifications configuration
    • Processes UNIX sockets configuration
    • HTTPS Configuration
    • External SQL database integration
    • Adding sender IP addresses
    • Deduplication request settings
    • PostgreSQL database for account data
    • Proxy server settings
    • Getting HTTP service statuses
    • Configuration MongoDB logs rotation
    • Configuration of system constants and directories
  • Platform maintenance
  • Custom channels guide
  • Extra
  • Processing HTTP/HTTPS traffic
  • Administrator API
This is documentation for Altcraft Platform v72. This documentation is no longer maintained.
The information for up-to-date platform version at this page is available (v74).
  • Platform configuration
  • LDAP access configuration
Documentation for version v72

LDAP access configuration

Overview​

You can configure LDAP access to your Altcraft MP account and Administrative panel. This allows your employees to use company's directory service like Active Directory to log into the platform with a predefined set of access groups and roles.

LDAP can be used for both Administrative panel and for account User interface.

A DistinguishedName for a group of users includes nested groups of directory service hierarchy.

LDAP access to Administrative panel​

LDAP access to platform Administrative panel is configured in MarketingPlatform/config/main.json configuration file:

"LDAP": {
  "HOST": "<LDAP server host>",
  "PORT": <LDAPserverport>,
  "BINDLOGIN": "<LDAP user login>",
  "BINDPASS": "<LDAP user password>",
  "AUTH_GROUP": "<LDAP group distinguishedName>",
  "LDAP_ONLY": true/false,
  "IS_SSL": false/true,
  
},
"LDAP_CHECK_USER_TIME_PERIOD_SEC": 300

Specify your directory service net address and port as well as BINDLOGIN and BINDPASS — directory server login credentials.

caution

Directory service connection account must have sufficient access rights to the groups that will be used for platform authorisation.

  • AUTH_GROUP — unique LDAP group DistinguishedName, that will give users access to Altcraft MP Administrative panel using a login and password pair.

  • Configure SSL in your directory service and enable it in Altcraft by setting "IS_SSL" parameter to "true" for a secure connection.

  • LDAP_CHECK_USER_TIME_PERIOD_SEC — time interval between checking user DistinguishedName and access rights matching. It is configured outside "LDAP" object and affects bot Administrative panel and User interface. By default — 300 seconds.

note

LDAP_ONLY parameter restricts Altcraft login and password authorisations. All requests will be processed via LDAP to directory service.

After modifying main.json file restart Altcraft MP (./akd restart).

LDAP User interface access​

LDAP access to account User interface is set up for every account separately in Altcraft Administrative panel.

LDAP binding creation​

Enter Altcraft MP Administrative panel and open Create → LDAP binding or Setup → LDAP binding and press Create.

Specify LDAP connector name, directory server network address and port. Enter Username and Password for directory server database access. If you are planning to use a secure connection activate Use SSL option and set up directory service SSL certificates.

caution

Directory service connection account must have sufficient access rights to the groups that will be used for platform authorisation.

Setting up account LDAP access​

Open an existing account settings or create a new account. Activate Use LDAP option to get access to the settings:

note

LDAP only option restricts Altcraft login and password authorisations. All requests will be processed via LDAP to directory service.

Time interval between checking user DistinguishedName and access rights matching is configured in main.json configuration file in LDAP_CHECK_USER_TIME_PERIOD_SEC property with an integer value. By default — 300 seconds.

In a dropdown select an Assigned LDAP connector: LDAP binding, you are going to use for this account access.

Basic access settings​

For configuring basic account access you will need directory service DistinguishedNames for the following groups:

  • Auth Group — allows platform access with a default set of user groups and roles.
  • Master Group — allows master access to account settings, main group containing all account objects and to objects outside groups.

Both LDAP groups are required for a user to have master access.

Specify these groups DistinguishedNames in the corresponding fields. As DN examples the following are used: CN — common name, OU — organisation unit and DC — domain component.

Select or create Default Groupsand Default Roles to be accessible by default for all users with Authorized group DistinguishedName.

note

WARNING! Users with no assigned groups or roles cannot log into account.

In case a user role allows to interact with a certain group make sure the corresponding group is assigned to the user as well. Otherwise no access to the group will be permitted.

Access differentiation​

You can create directory service DistinguishedNames matching custom Altcraft MP groups and roles.

Enter the DistinguishedNames into these fields:

  • Groups matching — to set access groups matching.
  • Roles matching — to set access roles matching.

GroupsNusers.png

Authorizing with LDAP​

To enter Administrative panel use LDAP username and password.

To enter account interface use LDAP username with account alias: ldapuser@domain.com@account1, and LDAP password.

If LDAP only option is disabled, both Altcraft MP and LDAP login credentials can be used.

Last updated on Nov 24, 2023
Previous
Domain settings
Next
Sending Email via SMTP relay
  • Overview
  • LDAP access to Administrative panel
  • LDAP User interface access
    • LDAP binding creation
    • Setting up account LDAP access
      • Basic access settings
      • Access differentiation
  • Authorizing with LDAP
© 2015 - 2025 Altcraft, LLC. All rights reserved.