KNOWLEDGE BASE ARTICLE

Overview

Umango can look up user data from Active Directory or any LDAP-compatible directory using the LDAP merge method. Configure the following in the Advanced Configuration dashboard:

• ldap.path
• ldap.username
• ldap.password
• ldap.dn

1) ldap.path

Directory server endpoint used for lookups.

If not set, Umango uses the Windows domain of the host to form a default path like LDAP://<YourDomain>.

2) ldap.username

Optional service account used for directory bind. Leave blank to use the current Windows service identity.

• UPN: service.account@yourdomain.com
• Domain\SAM: YOURDOMAIN\service.account

Requires read access to target OUs.

3) ldap.password

Password for ldap.username. Ignored if username is blank (i.e., binding with the current Windows identity).

4) ldap.dn

Base DN to scope searches. Examples:

If omitted, Umango inspects RootDSE to pick a sensible default. You can set a narrower OU for performance/security.

How it works at runtime

1. Umango reads the LDAP settings from tenant configuration.
2. It binds to the directory (AD Negotiate with signing/sealing, or LDAP Basic/StartTLS as required).
3. It decides on a base DN from ldap.dn or RootDSE.
4. It searches for the user (e.g., via sAMAccountName, userPrincipalName, cn, uid, mail) and returns the requested attribute.

Failures are logged with helpful messages (bind errors, invalid DN, StartTLS required).

Using LDAP merge fields (correct syntax)

See the full guide for more attributes and usage patterns: Umango LDAP Merge Method Guide

Troubleshooting

Check Umango logs for messages like "LDAP bind failed", "Invalid base DN", or "StartTLS required".

Note About Azure Entra

When using Azure Entra for Umango authentication, similar lookups can be performed using the Entra() merge method. See the help guide: Umango Entra Merge Method Guide