LDAP

Lightweight Directory Access Protocol (LDAP) is a centralized access control system that is widely utilized by small and medium-scale organizations.

By configuring the LDAP service, you can log in to your StrideERP account using your LDAP credentials.

1. Pre-requisite

To use LDAP, you will first need to install the ldap3 Python module. To do this, open a terminal session on the server that hosts the StrideERP instance, go to the frappe-bench directory, and run the command: ./env/bin/pip install ldap3

You are now ready to enable the LDAP service in StrideERP.

2. Setting up LDAP

To set up LDAP, go to

Admin > Integrations > LDAP


The following parameters are mandatory for StrideERP to connect to LDAP:

  • LDAP Server URL: This is the URL of your LDAP server. It must be in the form ldap://yourserver:port or ldaps://yourserver:port

  • Base Distinguished Name (DN): This is the distinguished name of the user that has permissions to look up user details on your LDAP server. This should be a user that only has read-only permissions on your LDAP Server.

  • Password for Base DN: This is the password for the user above, which is used to look up user details on your LDAP server.

  • Organization Unit of Users: This is the DN of the Organizational Unit that all users in your LDAP server must be part of to be able to log into StrideERP.

  • Default Role on Creation: When the user is created in StrideERP, the first time they log in, they are assigned this default role.

  • LDAP Search String: This field allows StrideERP to match the user/email entered in the StrideERP login screen with the LDAP server. For example, you could use the email address or the username, depending on your preference.

    It must be entered in the format: LDAPFIELD={0}

    Active Directory username example: sAMAccountName={0}

    OpenLDAP username example: uid={0}

  • LDAP Email Field: Specifies the LDAP field that contains the email address of the user.

    Active Directory and OpenLDAP example: mail

  • LDAP Username Field: Specifies the LDAP field that contains the username of the user.

    Active Directory example: sAMAccountName

    OpenLDAP example: uid

  • LDAP First Name Field: Specifies the LDAP field that contains the first name of the user.

    Active Directory example: givenName

    OpenLDAP example: sn
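
The LDAP Server URL and LDAP Search String fields above have fixed formats, and the login value substituted for {0} has to be escaped per RFC 4515 so that characters such as * and parentheses are matched literally instead of changing the search. The following Python is an added example, not StrideERP code; the function names, the wrapping parentheses around the filter and the host dc1.example.test are assumptions.

```python
import re
from urllib.parse import urlparse

# RFC 4515: characters that must be escaped inside a search filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# The documented search string format: LDAPFIELD={0}
_SEARCH_STRING = re.compile(r"[A-Za-z][A-Za-z0-9-]*=\{0\}")


def escape_filter_value(value):
    """Escape a user-supplied value so it is treated as literal text."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def check_settings(server_url, search_string):
    """Return a list of problems in the two format-sensitive fields."""
    problems = []
    parsed = urlparse(server_url)
    if parsed.scheme not in ("ldap", "ldaps") or not parsed.hostname:
        problems.append("server URL must be ldap://yourserver:port "
                        "or ldaps://yourserver:port")
    else:
        try:
            if parsed.port is None:
                problems.append("server URL has no port")
        except ValueError:  # raised when the port is not a valid number
            problems.append("server URL port is not a valid number")
    if not _SEARCH_STRING.fullmatch(search_string):
        problems.append("search string must be in the form LDAPFIELD={0}")
    return problems


def build_filter(search_string, login):
    """Substitute the escaped login for {0} (parentheses are an assumption)."""
    return "(" + search_string.format(escape_filter_value(login)) + ")"


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    print(check_settings("ldaps://dc1.example.test:636", "sAMAccountName={0}"))
    print(check_settings("ldap://dc1.example.test", "uid"))
    print(build_filter("uid={0}", "j.doe"))
    print(build_filter("uid={0}", "j*doe(x)"))
```
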

There are many other non-mandatory fields that you can use to map your LDAP user fields to the StrideERP user fields. They are:

  • Middle Name
  • Phone
  • Mobile