🔒 Secure-first SQL Editor with data access control and masking 🎭

Lightweight Directory Access Protocol (LDAP)

Lightweight Directory Access Protocol (LDAP) is a vendor-neutral software protocol used to lookup information or devices within a network. Bytebase supports using LDAP for configuring Single Sign-On (SSO).

Configuration

Basic information:

  • Name: the display name shown to your users (e.g. JumpCloud)
  • Identity Provider ID: a human-readable unique string, only lower-case alphabets and hyphens are allowed (e.g. jumpcloud)
  • Domain: the domain name to scope associated users (e.g. jumpcloud.com, optional)

Identity provider information:

  • Host: the host of LDAP server (e.g. ldap.jumpcloud.com)
  • Port: the port number of the LDAP server, usually 389 for StartTLS and 636 for LDAPS
  • Bind DN: the Distinguished Name (DN) of the user to bind as a service account to perform search requests (e.g. uid=system,ou=Users,dc=jumpcloud,dc=com)
  • Bind Password: the password of the user to bind as a service account
  • Base DN: the base Distinguished Name (DN) to search for users (e.g. ou=users,dc=jumpcloud,dc=com)
  • User Filter: the filter to search for users (e.g. (uid=%s), where %s will be subsituted by the username)
  • Security protocol: the security protocol to be used for establishing connections with the LDAP server

User information field mapping:

  • Email: the attribute to be used as the Bytebase user email address (e.g. mail)
  • Display name: the attribute to be used as the Bytebase user display name (e.g. displayName, optional)
  • Phone: the attribute to be used as the Bytebase user phone number (e.g. phone, optional)

JumpCloud

info

  • The attribute uid is the username (e.g. system) not the email (e.g. system@example.com) in JumpCloud.
  1. Follow the JumpCloud Use Cloud LDAP to create an LDAP binding user and add Users to the LDAP directory.
  2. In Bytebase, go to Settings > SSO to create a new LDAP provider (all values are examples):
    • Name: JumpCloud
    • Identity Provider ID: jumpcloud
    • Domain: jumpcloud.com
    • Host: ldap.jumpcloud.com
    • Port: 389
    • Bind DN: uid=YOUR_USERNAME,ou=Users,o=YOUR_ORG_DN,dc=jumpcloud,dc=com
    • Bind Password: YOUR_PASSWORD
    • Base DN: ou=Users,o=YOUR_ORG_NAME,dc=jumpcloud,dc=com
    • User Filter: (&(objectClass=posixAccount)(uid=%s))
    • Security protocol StartTLS
    • Email: mail
    • Display name: displayName

Okta

info

The attribute uid is the username (e.g. system) not the email (e.g. system@example.com) in Okta.

  1. Follow the Okta Enable the LDAP interface to enable LDAP interface for your directory.
  2. In Bytebase, go to Settings > SSO to create a new LDAP provider (all values are examples):
    • Name: Okta
    • Identity Provider ID: okta
    • Domain: okta.com
    • Host: YOUR_SUBDOMAIN.ldap.okta.com
    • Port: 389
    • Bind DN: uid=YOUR_USERNAME,ou=users,dc=YOUR_SUBDOMAIN,dc=okta,dc=com
    • Bind Password: YOUR_PASSWORD
    • Base DN: ou=users,dc=YOUR_SUBDOMAIN,dc=okta,dc=com
    • User Filter: (&(objectClass=inetOrgPerson)(uid=%s))
    • Security protocol StartTLS
    • Email: mail
    • Display name: cn
Edit this page on GitHub

Schema Migration Best Practice

Challenges, mistakes, and best practices for database schema migration

Learn How

Subscribe to Newsletter

By subscribing, you agree with Bytebase's Terms of Service and Privacy Policy.