Getting Started

Want to manage access to your LDAP server with ease? We have you covered. You can set up access management through Opal to LDAP in minutes.

Supported Services

  • LDAP groups: Add users to or remove users from any LDAP group within your server. Groups are imported by nesting them inside a group called Opal in your server, which Opal automatically discovers.

Notably, Opal does not yet support syncing Organizational Units (OUs) or entire OU or group subtrees automatically.

Setup

Create an LDAP connection

To get started, head to the Connections page and click on the LDAP Service tile.

Click on the LDAP tile to get started.

You will see a form with multiple steps that must be completed. Opal requires multiple credentials in order to manage your LDAP server.

Step 1 - Configure an LDAP binder account for Opal

In order for Opal to manage your LDAP server on your behalf, we'll need you to create an LDAP service account (known as a binder account in OpenLDAP contexts) for your server with proper permission scopes.

Step 2 - Reachability

  • Ensure your LDAP hostname is reachable from the instance that is hosting the Opal app.

Step 3 - Create Opal group

  • Create an LDAP group called Opal. This group can be used later to automatically import groups into Opal by adding them as members of this group.

Step 4 - Fill out Opal Connections form

  • Back in the Connections form, fill in details about your LDAP server and binder account:

  • For Server hostname and Server port, you must input the hostname and port of your LDAP server. As mentioned above, please ensure it's reachable from the instance hosting the Opal app.

  • For Base distinguished name, you should enter the Distinguished Name (DN) of the OU that Opal should begin directory searches from.

  • For Root username and Root password, you should enter the credentials of the LDAP binder account that you created above.

  • For Group attribute unique identifier, you should enter the name of the attribute that your LDAP server uses to uniquely identify groups. entryUUID is typically used.

If this step is successful, you have completed setting up the LDAP server connection.
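As an added illustration (not part of Opal's documentation), the LDIF below shows what Steps 1 and 3 look like on an OpenLDAP server and which values the resulting entries supply for the Step 4 form. The directory layout (dc=example,dc=com, ou=services, ou=groups), the account name opal-binder, the nested group names and the olcDatabase={1}mdb database DN are all assumptions; adapt them to your directory.

```ldif
# Constructed example. All DNs, the binder account name and the
# olcDatabase={1}mdb config DN are assumptions for this illustration.

# --- Step 1: the binder (service) account Opal authenticates as ----------
dn: cn=opal-binder,ou=services,dc=example,dc=com
changetype: add
objectClass: organizationalRole
objectClass: simpleSecurityObject
cn: opal-binder
description: Service account used by Opal to manage group membership
# Placeholder only: set the real password with ldappasswd after loading.
userPassword: PLACEHOLDER-set-with-ldappasswd

# --- Step 1 (cont.): permission scope for the binder (cn=config ACLs) ----
# Write access is limited to the member attribute of groups under
# ou=groups; everything else under the base DN is read-only for the binder.
# "by * break" lets all other identities fall through to your existing rules.
dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to dn.subtree="ou=groups,dc=example,dc=com" attrs=member
  by dn.exact="cn=opal-binder,ou=services,dc=example,dc=com" write
  by * break
olcAccess: {1}to dn.subtree="dc=example,dc=com" attrs=entry,objectClass,cn,uid,mail,member,entryUUID
  by dn.exact="cn=opal-binder,ou=services,dc=example,dc=com" read
  by * break

# --- Step 3: the "Opal" group; groups nested as members are auto-imported -
dn: cn=Opal,ou=groups,dc=example,dc=com
changetype: add
objectClass: groupOfNames
cn: Opal
description: Container group; its member groups are discovered by Opal
member: cn=engineering,ou=groups,dc=example,dc=com
member: cn=oncall,ou=groups,dc=example,dc=com

# --- Step 4: what these entries give for the Opal connection form ---------
#   Base distinguished name           -> dc=example,dc=com
#   Root username                     -> cn=opal-binder,ou=services,dc=example,dc=com
#   Group attribute unique identifier -> entryUUID (operational attribute
#                                        assigned by the server; nothing to add)
```

Load the first and third records with ldapadd and the cn=config change with ldapmodify against the config database; ACL order matters in OpenLDAP, so review your existing olcAccess rules before inserting these at positions {0} and {1}.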

Step 5 - Manually import LDAP groups

  • Click on Groups in the left sidebar.

  • In the top right, click on the + (Plus) button, then Import groups.

  • Select your LDAP connection.

  • Then select which groups you'd like to import.

As mentioned above, if you'd like to automatically import groups into Opal, you can simply create them as members of the Opal group you created above.


❗️Enable Opal for access management

If you want to use Opal to manage access to LDAP groups, you will need to enable the Manage resources and groups from Opal setting in the Admin page. You can read more about how to do that here.
