ftrack can be synchronised with LDAP and Active Directory. All users found in LDAP or AD will be created or updated in ftrack and are instantly available for scheduling and planning.
When a user tries to login to ftrack, it will be detected as a LDAP/AD user and credentials are verified against the external server instead. This way there is no need for users to have a separate password for ftrack.
During synchronization ftrack will automatically activate new users and disable users that are no longer found.
ftrack will only accept users with all the required attributes:
- first/last name
- email address.
When configuring ftrack to use LDAP for authentication it is good practice to keep at least one regular ftrack user that can login even if the LDAP service fail or is misconfigured.
LDAP/AD can be configured from the LDAP Settings page in Settings.
When LDAP is enabled, a Sync menu will appear in the Users and Groups page in Settings.
Activate existing users - Turn this on to enable inactive users in ftrack if they appear in LDAP again. This is useful if you only want to enable/disable users in LDAP and have ftrack do the same automatically when syncing.
For ftrack to be able to talk to the LDAP server it has to accept a simple bind.
The type of a user can be changed from "ftrack" to "ldap" to change how the user authenticates. It is important that the user name in ftrack matches the username in LDAP.