Active Directory (AD)

Overview

Noodle can use LDAP with AD to authenticate as well as import users and groups.

Noodle Prerequisites

  • Before enabling LDAP in Noodle ensure your license key will accommodate the total number of users( local and from the AD group).
  • Using SSL may require a client certificate installed on the Noodle server.

Configuration

The AD settings are in System Tools > Settings > Single Sign-On.

  1. Toggle Enabled to Yes
  2. Enter the Name or IP address of your DC
  3. Make a new user in AD in the Users Container with rights to search other users, and enter the display name and primary FQDN in the Noodle Administrative field, password in the password field.
    • yes the display name, not the user name.
  4. Make a new Security Group in AD, add some users and groups to it, and tell Noodle it's name.
  5. Tell Noodle the primary Domain of the users in the security group
  6. Save

You should see “Active Directory is synchronized” display at the bottom of the page after the first sync is complete.

Additional Information

  • Synchronizing fields: firstname, lastname, email, phone1, phone2, pager, mobile, fax, address, city, state, country, zip, note, expiry, change password on login, locked, manager (read only)
  • Other synchronizing fields can be added in "System Tools > People > Administration > Settings > User Fields" (add "CN=sAMAccountName" to enable 1996 authentication)
  • Noodle imports ONLY users and groups that are directly members to the “Group Name” specified in Noodle (users from sub groups will not be imported) and users must have a matching primary "domain" specified in Noodle.
  • AD changes are reflected in Noodle every 10 minutes by default.
  • Authentication requests are forwarded from Noodle to Active Directory in real time.
  • Multiple DCs can be used by separating the settings with commas.
  • If you are using AD from a hosted site Please read this and at least whitelist the IP of your hosted domain for the required ports.
  • AD has at least 3 names per user;
    • "Logon Name"
    • "Pre-Windows 2000" (Legacy Logon Name)
    • "Common Name" (Full Name)

    Ideally they are all set to the same value for the service user to simplify authentication. Noodle is using the "Common Name" not the "Logon Name" for authenticating the service user, and is also using these compound names;

    • "Principal Name" (Logon Name + Primary domain)
    • "Distinguished name" (Common Name + Organizational Units + Domain Controllers)

See also the AD Troubleshooting Guide.