
LDAP Integration

Thomas Pedersen
posted this on April 05, 2010 03:26 pm

OneLogin integrates with LDAP servers (such as Active Directory and OpenLDAP). This provides the following features to OneLogin users:

  • Users can log in to OneLogin using their network username and password.
  • New users are automatically created when logging in for the first time.

The following requirements must be met in order to enable LDAP integration in OneLogin:

  • A set of credentials for a user able to search through the directory.
  • The directory password of the user whose email address matches yours (the administrator's).
  • The LDAP directory must be accessible from our servers (IP addresses: 184.106.14.98 and 72.3.150.221).

To configure, follow these steps:

  1. Log in to OneLogin as an administrator.
  2. Click Security -> Directory.
  3. Select Enable.
  4. For LDAP server hostname, enter the hostname or IP address where your LDAP server can be reached. In the port field, enter the port number of your LDAP server. This is usually 389.
  5. Optionally enter your Gateway IP address. Users not already in OneLogin will be added automatically if they originate from this IP address and authenticate successfully.
  6. Enter a Base DN (e.g. cn=intranet,cn=mycompany,cn=com). This is the starting point for searching for users.
  7. Enter a Bind DN. This is the identity used to bind (log in) to your LDAP server when searching for users. For Active Directory this could be DOMAIN\username. For other LDAP servers, it's usually of the form "cn=Firstname Lastname,ou=People,cn=intranet,cn=mycompany,cn=com".
  8. Enter a password matching the Bind DN.
  9. Enter the LDAP password of the user you are currently logged in to OneLogin as. This is used to validate the connection and settings, and to confirm that you're able to log back into OneLogin after enabling directory integration.
  10. Enter the first name attribute (usually "givenName") and the last name attribute (usually "sn").
  11. Select the default role for users created by the directory integration. If you didn't enter an IP address in step 5, this selection is not important.
  12. Click Update.
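The checks behind steps 6, 7, 9 and 10, together with the "wrong Base DN" and "missing name attribute" cases from Troubleshooting, as an added Python example (not OneLogin's code): it escapes the email address before placing it in the search filter, classifies the Bind DN form, and confirms the validating user's entry carries both name attributes. The `mail` lookup attribute, the in-memory directory and its entries are constructed assumptions standing in for a real server.

```python
import re

# RFC 4515 escapes, applied to any value placed in a search filter so that an
# email address containing "*", "(" or ")" cannot change the query's meaning.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
_DN_RE = re.compile(r"^\s*[A-Za-z][\w-]*=[^,]+(,\s*[A-Za-z][\w-]*=[^,]+)*\s*$")
_AD_RE = re.compile(r"^[^\\\s]+\\[^\\\s]+$")  # DOMAIN\username

def escape_filter_value(value: str) -> str:
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)

def build_user_filter(email: str) -> str:
    """Filter used to find the logging-in user below the Base DN (assumes 'mail')."""
    return f"(mail={escape_filter_value(email)})"

def classify_bind_dn(bind_dn: str) -> str:
    """'ad' for DOMAIN\\username, 'dn' for a distinguished name, else 'invalid'."""
    if _AD_RE.match(bind_dn):
        return "ad"
    return "dn" if _DN_RE.match(bind_dn) else "invalid"

def verify_user_entry(search, base_dn: str, email: str, first_attr: str, last_attr: str):
    """search(base_dn, ldap_filter) -> list of dict entries. Returns (entry, missing
    attributes); a missing name attribute is the step 9/10 mismatch from Troubleshooting."""
    entries = search(base_dn, build_user_filter(email))
    if len(entries) != 1:
        raise LookupError(f"expected one entry for {email}, got {len(entries)}")
    missing = [a for a in (first_attr, last_attr) if not entries[0].get(a)]
    return entries[0], missing

# Constructed in-memory directory standing in for the real LDAP server.
_FAKE_DIRECTORY = [
    {"dn": "cn=Ann Admin,ou=People,cn=intranet,cn=mycompany,cn=com",
     "mail": "ann@mycompany.example", "givenName": "Ann", "sn": "Admin"},
    {"dn": "cn=Bob Nosn,ou=People,cn=intranet,cn=mycompany,cn=com",
     "mail": "bob@mycompany.example", "givenName": "Bob"},
]

def fake_search(base_dn: str, ldap_filter: str) -> list:
    """Only understands the exact (mail=...) filters built above."""
    wanted = ldap_filter[len("(mail="):-1]
    return [e for e in _FAKE_DIRECTORY
            if e["dn"].endswith("," + base_dn) and escape_filter_value(e["mail"]) == wanted]

if __name__ == "__main__":
    base = "cn=intranet,cn=mycompany,cn=com"
    print(verify_user_entry(fake_search, base, "bob@mycompany.example", "givenName", "sn"))
```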


Troubleshooting

  • "Error while trying to bind/search". Check that your LDAP server can be reached at the LDAP server hostname and port.
  • "Invalid user credentials". The Bind DN and password didn't match an entry in the LDAP directory.
  • "LDAP error: Invalid DN syntax", "LDAP error: Operations error" or "Error while trying to bind/search". Indicates a nonexistent Base DN, or that the Base DN cannot be accessed with the Bind DN provided. Also verify that the user used for validation in step 9 has the first name and last name attributes from step 10.