Enterprise users who host their own private Convox Console can take advantage of LDAP authentication and access. For more information on the Enterprise plan, see here.
SSO access through LDAP can be enabled by simply setting three or four environment variables on your Console app.
$ convox env set -a console AUTHENTICATION=ldap $ convox env set -a console LDAP_ADDR=auth.example.org:636 $ convox env set -a console LDAP_BIND=uid=%s,dc=example,dc=org
LDAP_ADDRset to your LDAP server address.
LDAP_BINDto a full bind string where
%swill be substituted for the user’s email address.
If your LDAP server does not have a valid certificate issued by a known CA, you can disable certificate validation:
$ convox env set -a console LDAP_VERIFY=no
Once configured, promote the environment changes
$ convox releases promote -a console --wait
To disable LDAP SSO access, change the
AUTHENTICATION environment variable back to it’s previous value or simply remove the value, as appropriate.