LDAP Wizard
Overview
AD/LDAP and SAML integrations are a significant pain point affecting multiple high-value customers, including NRI, ENISA, Bank of America, IMC, and the Department of Defence Australia.
The codebase is 7-8 years old with numerous patches, making maintenance challenging. We have many active AD/LDAP and SAML tickets, with approximately 190 unresolved or declined issues combined.
One of the major issues users face is configuring SAML/LDAP, because there are no guided setup wizards and the configuration options are overwhelming.
This document addresses that by updating the LDAP page so users can go through a guided flow while setting up LDAP, and by adding LDAP Logs so they can better debug any issues that occur.
LDAP Page Updates
Connection Details
The user can now enter the connection details here and also test whether the connection is successful.
User Filters
We can combine the user filters and other additional filters here.
The user can test the filters here and also expand the additional filters.
Autocomplete suggestions
Where necessary, we should have autocomplete suggestions to allow users to fill out attributes correctly.
These are particularly relevant in User filters and Account synchronisation.
Once the connection is made, we should fetch the attributes relevant to those fields and show them as autocomplete suggestions so that the fields are filled in correctly.
Example below.
Selecting Person adds (objectClass=Person) to the field, or whatever syntax is appropriate.
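One way the selection could be turned into a filter clause, shown as an added example and not the product's own code. The function names are hypothetical, and values are escaped per RFC 4515 so that a suggestion containing filter metacharacters cannot change the structure of the filter.

```javascript
// Added illustration: function names are hypothetical, not the product's API.

// Escape a value for an LDAP search filter (RFC 4515): backslash, '*', '(',
// ')' and NUL become a backslash followed by two hex digits.
function escapeFilterValue(value) {
  return value.replace(/[\\*()\0]/g, (ch) =>
    '\\' + ch.charCodeAt(0).toString(16).padStart(2, '0'));
}

// Short attribute names only (letter, then letters, digits or hyphens).
const ATTRIBUTE_NAME = /^[A-Za-z][A-Za-z0-9-]*$/;

// Build one "(attribute=value)" clause from an autocomplete selection.
function buildClause(attribute, value) {
  if (!ATTRIBUTE_NAME.test(attribute)) {
    throw new Error(`invalid attribute name: ${attribute}`);
  }
  return `(${attribute}=${escapeFilterValue(value)})`;
}

// True when every '(' has a matching ')' and none closes early.
function isBalanced(filter) {
  let depth = 0;
  for (const ch of filter) {
    if (ch === '(') depth += 1;
    else if (ch === ')' && --depth < 0) return false;
  }
  return depth === 0;
}

// Add the selected suggestion to whatever is already in the filter field.
// An empty field gets the bare clause; an existing filter is ANDed with it.
function applySuggestion(current, attribute, value) {
  const clause = buildClause(attribute, value);
  const existing = current.trim();
  if (existing === '') return clause;
  if (!existing.startsWith('(') || !existing.endsWith(')') || !isBalanced(existing)) {
    throw new Error('existing filter is not well-formed');
  }
  return `(&${existing}${clause})`;
}

// Constructed sample input.
console.log(applySuggestion('(department=Sales)', 'objectClass', 'Person'));
console.log(buildClause('cn', 'a)(uid=*'));
```

Rejecting a malformed existing filter, rather than wrapping it, lets the wizard surface the problem as a field error before the filter reaches the directory.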
Logs
There will be an LDAP logs button in the top right of the page header.
Clicking it opens a logs modal, allowing the user to test the connection again.
Error on fields
If there is an error on fields, we can show the error like this.