ftrack can be synchronized with LDAP and Active Directory. All users found in LDAP or AD will be created or updated in ftrack and are instantly available for scheduling and planning.
When a user tries to login to ftrack, it will be detected as a LDAP/AD user, and credentials are verified against the external server instead. This way, there is no need for users to have a separate password for ftrack.
During synchronization, ftrack will automatically activate new users and disable users that are no longer found.
Please note: ftrack will only accept users with all the required attributes:
|
When configuring ftrack to use LDAP for authentication, it is good practice to keep at least one regular ftrack user that can login even if the LDAP service fails or is misconfigured.
- LDAP/AD can be configured from the LDAP Settings page, which is located in the System settings > Resources > LDAP settings.
Explanation of the parameters:
When LDAP is enabled, a Sync menu will appear in the Resources > Users and Groups page in System settings.
Please note: The filter is used for the synchronization of accounts, not the login. Make sure to synchronize accounts accordingly to make sure that only valid accounts are enabled. Synchronization can be made manually on "Users and Groups" page, or using the API.
|
The type of a user can be changed from "ftrack" to "ldap" to change how the user authenticates. It is important that the user name in ftrack matches the username in LDAP.
Please note: For ftrack to be able to talk to the LDAP server, it has to accept a simple bind. |