The LDAP Module in MokoCRM enables synchronization with an external LDAP directory, allowing centralized user management and authentication. It is ideal for organizations using Active Directory, OpenLDAP, or other directory services to manage employee credentials, groups, and access policies across multiple systems.
🧾 Enabling the Module
- Navigate to: Home → Setup → Modules → LDAP
- Click Activate
- Go to Setup → Security → LDAP/AD to configure server settings
🔐 Server Configuration
- LDAP Host: IP or FQDN of your directory server
- Port: Typically 389 (LDAP) or 636 (LDAPS)
- Bind DN: Admin user with read rights (e.g., cn=admin,dc=example,dc=com)
- Password: Encrypted for secure access
- Base DN: Directory path to begin searches (e.g., ou=users,dc=example,dc=com)
🔁 Synchronization Options
- User Import: Automatically create MokoCRM users from LDAP
- Authentication: Allow LDAP users to log in using their directory credentials
- Map LDAP groups to MokoCRM roles or permissions
- Schedule periodic syncs via system cron or manual trigger
🧩 Integration With Other Modules
- Users: LDAP entries populate user list
- HRM: Sync LDAP data to employee records
- Security: Apply LDAP access control to system-level permissions
📌 Best Practices
- Always test with a staging LDAP account before enabling full sync
- Restrict LDAP bind user permissions to read-only when possible
- Use LDAPS (secure LDAP) to protect credentials and traffic
- Monitor sync logs regularly for errors or mismatched entries
- Coordinate with Moko Consulting for advanced group-role mapping or debugging
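The Python script below is an added example, not MokoCRM code: it reviews a set of values for the Server Configuration fields against the best practices above before sync is enabled. The dictionary keys, the administrator-name heuristic and both sample configurations are assumptions constructed for illustration.

```python
import re

# Heuristic (assumption): leading RDNs that usually name a directory administrator.
ADMIN_RDN = re.compile(r"^(cn|uid)=(admin|administrator|manager|root)$")

def split_dn(dn):
    """Split a DN into normalised RDNs, honouring backslash-escaped commas."""
    rdns, cur, escaped = [], "", False
    for ch in dn:
        if escaped or ch != ",":
            cur += ch
            escaped = (ch == "\\") and not escaped
        else:
            rdns.append(cur)
            cur = ""
    rdns.append(cur)
    return [re.sub(r"\s*=\s*", "=", r.strip().lower(), count=1)
            for r in rdns if r.strip()]

def review_ldap_settings(cfg):
    """Return (code, message) findings for the settings listed on this page."""
    findings = []
    if cfg["port"] == 389:
        findings.append(("CLEARTEXT", "port 389 is plain LDAP; use LDAPS on 636"))
    elif cfg["port"] != 636:
        findings.append(("PORT", "unusual port; confirm the listener is LDAPS"))
    bind, base = split_dn(cfg["bind_dn"]), split_dn(cfg["base_dn"])
    for field, rdns in (("bind_dn", bind), ("base_dn", base)):
        if not rdns or not all(re.match(r"^[a-z0-9.-]+=.+", r) for r in rdns):
            findings.append(("MALFORMED", f"{field} is not a valid DN"))
    if bind and ADMIN_RDN.match(bind[0]):
        findings.append(("ADMIN_BIND", "bind as a dedicated read-only account"))
    if base and all(r.startswith("dc=") for r in base):
        findings.append(("WIDE_BASE", "base DN is the whole directory; scope it to an OU"))
    return findings

# Constructed sample settings, not taken from a real deployment.
WEAK = {"host": "ldap.example.com", "port": 389,
        "bind_dn": "cn=admin,dc=example,dc=com", "base_dn": "dc=example,dc=com"}
HARDENED = {"host": "ldap.example.com", "port": 636,
            "bind_dn": "cn=svc-crm-ro,ou=service,dc=example,dc=com",
            "base_dn": "ou=users,dc=example,dc=com"}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, [code for code, _ in review_ldap_settings(cfg)] or "ok")
```

The weak sample reuses the example bind DN from Server Configuration on port 389 and is flagged for cleartext transport, an administrator bind account and an unscoped base DN; the hardened sample produces no findings.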