All Products
Search

This Product

    AI Coding Assistant Lingma:LDAP/Windows AD integration

    Document Center

    AI Coding Assistant Lingma:LDAP/Windows AD integration

    Last Updated:Apr 01, 2025

    LDAP and Windows AD integration with AI Coding Assistant Lingma (Lingma) facilitates the synchronization of user information managed based on LDAP or Windows AD protocols within an enterprise. It also enables logon to Lingma with LDAP or Windows AD accounts.

    Applicable editions

    Enterprise Dedicated

    Create users outside the synchronization scope

    Enterprise administrators can manage LDAP and Windows AD integration on the Enterprise Settings > Identity Providers page. To create Lingma users beyond users synchronized from the integrated identity providers (IdPs), select Support for built-in users.

    image

    Configure LDAP integration

    Prerequisites:

    • The LDAP service is deployed.

    • User account information is prepared on the LDAP server.

    • You have obtained the Bind DN and Bind Password for the LDAP server.

    Step 1: Configure the LDAP server connection

    Configure the connection to the LDAP server, including the following:

    • Server Address: The address and port of the LDAP server.

    • Base DN: The Base DN of the LDAP server, typically the root directory. To limit the synchronization scope for users, specify a subdirectory.

      Note

      Verify the scope of user synchronization to avoid syncing unintended users.

    • Bind DN: The Bind DN for the LDAP server, usually the administrator account of the LDAP server.

    • Bind DN Password: The password for the Bind DN.

    • User Query Condition: The filter used to select users for synchronization. If no filter is specified, the default is (objectClass=person).

    • Department Query Condition: The filter used to select departments for synchronization. If no filter is specified, the default is (objectClass=GroupOfUniqueNames).

    image

    After entering the preceding information, click Next.

    Step 2: Configure user synchronization

    Four methods for account identification and linking are available:

    • Link Accounts with Same Email: Links Lingma and LDAP users with identical email addresses.

    • Link Accounts with Same Username: Links Lingma and LDAP users with identical usernames.

    • Link Accounts with Same Mobile Number: Links Lingma and LDAP users with identical mobile phone numbers.

    • Link Accounts with Same Employee ID: Links Lingma and LDAP users with identical employee IDs.

    Regardless of the selected linking method, make sure that the corresponding attribute exists and is unique, because Lingma performs account matching in a strict one-to-one manner based on this attribute.

    image

    Next, configure the mapping of user attribute fields. Accounts in Lingma and your IdP will be matched based on the configured user attribute field mapping relationship, as shown in the following figure.

    image

    Step 3: Enable services

    Services provided by the LDAP integration are disabled by default. You can enable the following services:

    • Sync of Organizations and Users: Once enabled, the user directory in Lingma will remain synchronized with the specified scope of users in the LDAP server.

    • Single Sign-On: Once enabled, users can log on to Lingma using LDAP account credentials.

    image

    Perform the following operations to configure the services you want to enable:

    Sync of Organizations and Users

    • Data Sync Mode: The default is manual synchronization. You can switch between manual and scheduled synchronization.

      • Manual: After modifying LDAP data, the enterprise administrator must click Sync Now on the LDAP integration details page to synchronize user and organizational information.

        Note

        We recommend that you wait at least 1 hour between manual synchronizations.

      • Scheduled: Configure synchronization schedules by setting synchronizations to run daily, weekly, monthly, or at custom intervals. If enabling scheduled synchronization, manually trigger a synchronization immediately after saving the configuration to ensure that data is synchronized with Lingma without delay.

    • Processing of User Differences: By default, Lingma accounts that cannot match the synchronized LDAP users are ignored. Lingma accounts will be created and linked to LDAP users within the synchronization scope. Modify this setting as needed.

      • No LDAP user mapped to existing Lingma account - Ignore: If a Lingma account cannot match an LDAP account, the Lingma account will not be deleted.

      • No LDAP user mapped to existing Lingma account - Delete Lingma account: If a Lingma account cannot match an LDAP account, the Lingma account will be deleted.

      • No Lingma account mapped to existing LDAP user - Ignore: If an LDAP account cannot match a Lingma account, the system will not create a Lingma account for the LDAP account.

      • No Lingma account mapped to existing LDAP user - Create and link Lingma account: If an LDAP account cannot match a Lingma account, the system will create and link a Lingma account to the LDAP accounts based on account linking rules you specified in the Configure User Sync step.

    • Processing of Organizational Structure Differences: By default, AI Coding Assistant departments that cannot match the synchronized LDAP departments are ignored. AI Coding Assistant departments will be created and linked to LDAP departments within the synchronization scope. Modify this setting as needed.

      • No LDAP department mapped to existing AI Coding Assistant department - Ignore: If an AI Coding Assistant department cannot match an LDAP department, the AI Coding Assistant department will not be deleted.

      • No LDAP department mapped to existing AI Coding Assistant department - Delete AI Coding Assistant department: If an AI Coding Assistant department cannot match an LDAP department, the AI Coding Assistant department will be deleted.

      • No AI Coding Assistant department mapped to existing LDAP department - Ignore: If an LDAP department cannot match an AI Coding Assistant department, the system will not create an AI Coding Assistant department for the LDAP department.

      • No AI Coding Assistant department mapped to existing LDAP department - Create and link AI Coding Assistant department: If an LDAP department cannot match an AI Coding Assistant department, the system will create and link an AI Coding Assistant department to the LDAP department.

    Single Sign-On

    After enabling single sign-on (SSO), you can perform the following operations:

    • View the LDAP logon URL. Users with linked LDAP accounts can log on to Lingma using their LDAP credentials on this page.

    • Customize the display name and icon for the LDAP logon entry point, which will be displayed on the Lingma logon page.

    • Enable automatic creation of Lingma accounts on first logon:

      • By default, Automatic Account Creation is not selected. The system only links LDAP accounts to their matched Lingma accounts during logon. If no matching is found, the system will not create a Lingma account for the LDAP user based on the LDAP credentials.

      • When Automatic Account Creation is selected, a new Lingma account will be automatically created and linked to the LDAP account if no matching Lingma account exists.

      image

      If you do not need to enable the preceding services, you can save the configuration and enable the required services later on the LDAP integration details page. After completing all configurations, click Save.

    Log on to Lingma via LDAP

    With SSO enabled, the Lingma logon page will present the LDAP logon option. Clicking it directs users to the LDAP logon page, where users with linked LDAP accounts can log on using their LDAP credentials.

    View user and organization synchronization results

    When user and organization synchronization is enabled, go to the LDAP integration details page to view the latest synchronization status: No sync performed, Synchronized, Sync Failed, or Partially Synced.

    Modify services provided by the LDAP integration

    On the LDAP integration details page, cick Edit Settings to adjust or disable a specific service.

    image

    • Disabling user and organization synchronization will:

      • Preserve existing linking between Lingma and LDAP accounts.

      • Stop all future synchronizations of LDAP users and organizational data.

    • Disabling SSO will:

      • Preserve existing linking between Lingma and LDAP accounts.

      • Disable LDAP-based logon to Lingma. Users must use their Lingma logon credentials instead.

    Remove the LDAP integration

    To remove the LDAP integration, click Remove Integration on the LDAP integration details page. In the message that appears, click Remove. Removing the integration will:

    • Remove existing linking between Lingma and LDAP accounts. Previously synced information of organizations and users is retained.

    • Stop all future synchronizations of LDAP users and organizational data.

    • Disable LDAP-based logon to Lingma. Users must use their Lingma logon credentials instead.

    image