If an organization has LDAP server configured at its end and maintains its users’ data in LDAP, then QMetry supports LDAP integration to import such users into QMetry application. User authentication from LDAP/Active Directory as well as from QMetry database is provided considering existence of both kinds of users in the same organization. For example, an organization can have a large number of users in QMetry that are authenticated through their Active Directory and at the same time, can have a good number of users who do not have their accounts in the Active Directory.
The LDAP (Lightweight Directory Access Protocol) feature allows LDAP users to import themselves into QMetry database. The Admin needs to do the initial settings in Integration > LDAP. The LDAP should be “Active” to define the authentication type as LDAP.
Note: Only one LDAP AD can be integrated with QMetry for authentication.
Admin credentials are now optional to set up LDAP in order to enable anonymous search for users to import. If your LDAP allows anonymous queries, you can proceed without entering the Admin username and password on the settings screen.
Individual LDAP users will be added in QMetry database when they log into QMetry. Bulk users can not be imported at once because it may cause hanging QMetry during the process.
Admin’s credentials are made non mandatory.
Use Case: The Administrator does not want to enter Admin’s username and password in the fields, and save the credentials in the system. As their LDAP allows anonymous queries, they prefer to have the fields non mandatory.
When a user logs into QMetry for the first time with his LDAP credentials, the system first checks existence of the user in QMetry database. If the user exists in the database, then this user is authenticated using QMetry database. If the user does not exist in the QMetry database, then the credentials entered by the user are sent to the LDAP Active Directory. If the LDAP / Active Directory responds positively, the user will be added to the QMetry database. Default Project and default user role are assigned to this user to let him access QMetry.
Now next time when LDAP user logs into QMetry using LDAP credentials, the credentials are sent to LDAP / Active Directory for authentication as the user has already been added in the database. The user is allowed to access QMetry on receiving positive authentication from LDAP.
The new functionality works with different approach in different scenarios as mentioned below.
Scenario | The user has an account in - | Authentication Type is set as - | Result when the user tries to log into QMetry - |
1 | QMetry database | QMetry | QMetry will authenticate the user against QMetry database. If the match is found, the user will be able to log into QMetry. |
2 | QMetry database | LDAP | QMetry will authenticate that user against the LDAP/AD. If the match found, the user will be able to log into QMetry. This scenario is only valid when LDAP is active. |
3 | LDAP | LDAP | QMetry will authenticate that user against the LDAP/AD. If the user is authenticated successfully, the user’s account will be created in QMetry having Authentication Type “LDAP”.Once the user is created in QMetry, default Project and default role is assigned to that user to let him log into QMetry. Access will be automatically provided to the default Projects with default assigned role. |
If the user doesn't have an account in QMetry and also in the LDAP, then create an account for this user locally in QMetry. The user account will be added in QMetry database with Authentication Type “QMetry”. The user will be able to log into QMetry then.
LDAP/AD password is handled by LDAP/AD server. So LDAP/AD users need to contact their network administrator for any password related issues like Reset Password, Forget Password and Update Password. Other (non LDAP/AD) users can reset their password as usual through QMetry.
In this method, Admin needs to manually add LDAP users and assign them Project and corresponding role manually for security purpose and better controls of QMetry instance.
Steps for Admin to follow:
To add a new LDAP user follow the steps below:
In this method, Admin needs to set default settings for new LDAP user by assigning them a default role and Project. Once the settings are done there is no manual intervention required from admin. LDAP users are authenticated automatically.
Steps for Admin to follow:
For example, The “Tester” role is assigned as default role to the LDAP users when they log into QMetry the first time. You can assign different role later on. Only one role can be assigned as default role. So the role selected last will override the role assigned earlier. You can assign multiple Projects with a single User Role to the LDAP users. A warning message pops up when you are going to unassign that single assigned role.
Once the settings are done from Admin side, LDAP users can directly log into QMetry and are assigned default roles and Projects automatically.
Go to Integration > LDAP/SAML.
Select LDAP as Integration System on the next screen.
Provide details mentioned below to configure LDAP Settings:
ldap://<IPAddress>:<Port No.>
LDAP Integration also supports HTTPS protocol. So the Host format could be
ldaps:// <IPAddress>:<Port No.>
E.g., cn=example, cn=users, dc=example, dc=com
(Note: This is not a mandatory field. You can keep the field blank if your LDAP allows anonymous queries.)
Notes:
If the Active field is set as “Yes”, then only the Authentication Type in Customization > Users could be set as “LDAP” and the users will be able to log in with their LDAP password only.
If the Active field is set as “No”, then the Authentication Type in Customization > Users could be set as “QMetry”. Users are authenticated against QMetry database for login.
Active Directory Details: (on Windows) | LDAP Directory Details: (on Linux) |
Host: 10.12.51.4 | Host: ldap://10.12.51.238:389 ldaps://10.12.51.238:636 |
Base DN: DC=qmetry,DC=com | Base DN: dc=qmetry,dc=com |
Bind DN: CN=joseph,OU=sales,DC=qmetry,DC=com | BindDN: uid=root,ou=users,dc=qmetry,dc=com |
Data Attribute: sAMAccountName | Password: redhat Data Attribute: uid Sample User: leesa.mathew@qmetry.com Sample User Password: leesa123 |
There are two buttons on the page:
Authentication Type for the user is set from Customization > Users.
Default Projects are assigned from Projects > Project/Release/Cycle.
Default Roles are assigned from Customization > Roles.
Note: LDAP users can log in without organization code for on-premise installations.