Backend / Administrative Area LDAP integration

Submitted by -

It would be really great if the UniFi backend portal could be integrated with an LDAP (or Active Directory) infrastructure. Being able to assign sites and privileges based on LDAP/AD username or group membership would be amazing.

Almost every other software package we use has this ability and has greatly reduced the burden on securing everything (remembering to go through every package we use and deactivate accounts when someone leaves), and it means the end user only needs to remember one username/password combination. Adding/removing a user from a system is in a centralized place.

Duplicates:
http://community.ubnt.com/t5/UniFi-Feature-Requests/Active-Directory-LDAP-admin-authentication-on-unifi-server/idi-p/619103
http://community.ubnt.com/t5/UniFi-Feature-Requests/Controller-login-control-based-on-LDAP-RADIUS/idi-p/776658

Comments
by
on ‎03-09-2018 01:07 AM

+1 for LDAP - for all the reasons mentioned above ...

by
on ‎04-16-2018 11:32 PM

This feature request is going on 5 years old with huge demand and high necessity; what's the hold-up on seeing some movement for this?

by
on ‎04-24-2018 06:43 PM

I'm bumping this again.

This feature is absolutely essential for enterprise networks.

LDAP integration is really rather trivial too. I've personally written LDAP integration before.

The workflow is simple:

Pre-step: Create a security group in Active Directory / LDAP called "UniFi Admins" and another called "UniFi Readonly".

  1. Query LDAP for matching user.
  2. Bind to validate password.
  3. Query the user's group membership (could possibly be performed prior to step 2).
  4. If the user is a member of one of the two groups (i.e. 'Unifi Admins' or 'Unifi Readonly'), grant the user access.

This could also easily be extended to dynamically associate 802.1X users to specific user groups for rate-limiting purposes.

If you need some examples of possible implementation models, check out: PaperCut, FreePBX, pfSense, VMware vSphere,
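
The four-step workflow from the comment above, as an added example that is not part of the original post and is not UniFi code. `FakeDirectory`, `authorize`, the `uid` attribute and every sample entry are constructed stand-ins for a real LDAP client; the example also adds two checks the steps leave implicit: escaping the username before it enters the search filter, and refusing an empty password, which some directory servers accept as an unauthenticated bind.

```python
# Added example: FakeDirectory and the sample entries are constructed stand-ins
# for a real LDAP server and client library.
ROLES = [("unifi admins", "admin"), ("unifi readonly", "readonly")]  # first match wins

def escape_filter(value):
    """Escape RFC 4515 special characters so a username cannot rewrite the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

class FakeDirectory:
    def __init__(self, entries):
        self.entries = entries  # dn -> {"uid": ..., "password": ..., "groups": [...]}

    def search(self, ldap_filter):
        # Understands only the "(uid=<escaped value>)" filter built by authorize().
        return [dn for dn, e in self.entries.items()
                if ldap_filter == "(uid=%s)" % escape_filter(e["uid"])]

    def bind(self, dn, password):
        # Models a server that accepts an empty password as an unauthenticated
        # bind (RFC 4513 section 5.1.2) instead of rejecting it.
        return password == "" or self.entries[dn]["password"] == password

    def groups_of(self, dn):
        return self.entries[dn]["groups"]

def authorize(directory, username, password):
    """Return 'admin', 'readonly', or None when access is denied."""
    if not username or not password:       # never let an empty password reach bind()
        return None
    matches = directory.search("(uid=%s)" % escape_filter(username))  # step 1
    if len(matches) != 1:                  # unknown or ambiguous user
        return None
    dn = matches[0]
    if not directory.bind(dn, password):   # step 2
        return None
    groups = {g.lower() for g in directory.groups_of(dn)}  # step 3, case-insensitive
    for group, role in ROLES:              # step 4
        if group in groups:
            return role
    return None                            # valid password but in neither group

DIRECTORY = FakeDirectory({
    "uid=alice,dc=example,dc=test": {"uid": "alice", "password": "correct horse",
                                     "groups": ["UniFi Admins", "UniFi Readonly"]},
    "uid=bob,dc=example,dc=test": {"uid": "bob", "password": "hunter2",
                                   "groups": ["Unifi Readonly"]},
    "uid=carol,dc=example,dc=test": {"uid": "carol", "password": "s3cret",
                                     "groups": ["Staff"]},
})
```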

by
on ‎04-25-2018 05:50 PM

I would also hope the AD integration would work with DPI so users are tagged to their machine IPs for traffic analysis for policy enforcement.

by
on ‎04-25-2018 05:56 PM

@UBNT-teunis Do you know how long something like this will be in the consideration stage before being implemented? It seems that no one from UBNT has even addressed it.

by
on ‎04-25-2018 09:29 PM

LDAP integration is huge for our environment. I'm sure many others can agree.

Can we please see this feature in the near future?

by
on ‎04-25-2018 10:05 PM

Seriously. I find it a bit incredulous that this is still “under consideration” for how much of a critical feature this is in any enterprise environment.

Every serious competitor has this functionality. It can’t be that difficult to implement. If it is, I would love to know why. 

by
on ‎04-25-2018 10:17 PM

This has got to be something taken seriously. I can't believe it's been like this for years. The script is less than 50 lines of code unless there's something I'm missing. The guy above even offered a sampling.

by
on ‎04-25-2018 10:26 PM

It's been 4 years. I get you guys sell your products cheaper, but how could something so simple still not be implemented? Are Ubiquiti products not intended for Enterprise?

by
on ‎04-25-2018 10:28 PM

I've been submitting help tickets with links to this article hoping it annoys someone enough to at least have the courtesy to comment on here.