LDAP synchronization

I set up the LDAP feature in Mattermost, and while the synchronization seems to work fine according to the UI, I cannot see those users listed in the Mattermost users list. What am I missing?

Hi Ricardo,

I think you also need to add them to the team. In your system console under “User Management” → “Teams” click on “Edit” and in the “Groups” section, add the LDAP group which users should automatically be added to your team. Upon the next sync, the users should be created.

Thanks for the help @agriesser

I do not have a group filter in my LDAP settings. I should not need that, as group synchronization is an optional field in the LDAP settings. I came across the question below, which I guess explains the issue. Users are not created during synchronization, probably only updated or deleted.

I’m not talking about the group filter, just about the team management.
I’m using LDAP here on my own and as soon as I create a new user in our active directory, it automatically gets synced to Mattermost and an account is being created, at least I recall that being the case.
Do you want to add all your LDAP users to Mattermost or do they need to be in a specific group in order to login there?
Can you post the link to the documentation you found here?

Do you want to add all your LDAP users to Mattermost or do they need to be in a specific group in order to login there?

I want to add all my LDAP users to Mattermost.

https://docs.mattermost.com/onboard/ad-ldap.html#when-i-first-set-up-and-synchronize-ad-ldap-are-the-users-automatically-created-in-mattermost

Any idea what might be happening?

  1. Connection test runs fine.
  2. Synchronization runs fine and tells me the number of users I have in my LDAP server.
  3. When trying to log in with the LDAP user credentials, I get “The email/username or password is invalid.”

I’m using the Mattermost Cloud Enterprise free trial if this is relevant.

Attribute mapping that I’m using.

Hi Ricardo,

Enterprise Edition has two types.
One of them is “E10”: It’s only possible to use LDAP group synchronization.
One of them is “E20”: It’s possible to use LDAP group synchronization.

I think the edition you use is “E10”, isn’t it?

https://docs.mattermost.com/about/editions-and-offerings.html

Hi Ricardo,

Sorry for the late reply. I was under the wrong assumption that the users are being created immediately after they’ve been synced, but this is not the case; the documentation is right about that. As soon as the user tries to log in, it will be created in the database, not earlier or by an automated process.

I think you cannot use the mail attribute as a username attribute; I think this needs to be set to sAMAccountName (which is the default value). In my setup, I do have the LoginIdAttribute set to sAMAccountName and can still log in with the e-mail address, but there needs to be a valid username stored in the database and the e-mail address is not a valid username, so maybe that’s the problem you’re seeing here.