Skip to content

轻量级目录访问协议 (LDAP)#

¥Lightweight Directory Access Protocol (LDAP)

Feature availability

  • 适用于自托管企业版和云企业版套餐。

¥Available on Self-hosted Enterprise and Cloud Enterprise plans.

  • 你需要访问 n8n 实例所有者账户。

¥You need access to the n8n instance owner account.

本页面介绍了如何在 n8n 中启用 LDAP。假设你熟悉 LDAP,并且已经设置了 LDAP 服务器。

¥This page tells you how to enable LDAP in n8n. It assumes you're familiar with LDAP, and have an existing LDAP server set up.

LDAP 允许用户使用其组织凭据登录 n8n,而无需使用 n8n 登录凭据。

¥LDAP allows users to sign in to n8n with their organization credentials, instead of an n8n login.

启用 LDAP#

¥Enable LDAP

  1. 以实例所有者身份登录 n8n。

¥Log in to n8n as the instance owner. 2. 选择“设置”>“LDAP”。

¥Select Settings {.off-glb} > LDAP. 3. 启用“启用 LDAP 登录”。

¥Toggle on Enable LDAP Login. 4. 使用 LDAP 服务器的详细信息填写字段。

¥Complete the fields with details from your LDAP server. 5. 选择“测试连接”以检查连接设置,或选择“保存连接”以创建连接。

¥Select Test connection to check your connection setup, or Save connection to create the connection.

启用 LDAP 后,除非你使用用户过滤器设置将其排除,否则 LDAP 服务器上的任何人都可以登录 n8n 实例。

¥After enabling LDAP, anyone on your LDAP server can sign in to the n8n instance, unless you exclude them using the User Filter setting.

你仍然可以在“设置”>“用户”页面创建非 LDAP 用户(电子邮件用户)。

¥You can still create non-LDAP users (email users) on the Settings > Users page.

合并 n8n 和 LDAP 账户#

¥Merging n8n and LDAP accounts

如果 n8n 为电子邮件用户和 LDAP 用户找到匹配的账户(匹配的电子邮件),则用户必须使用其 LDAP 账户登录。n8n 实例所有者账户不包含在内:n8n 绝不会将所有者账户转换为 LDAP 用户。

¥If n8n finds matching accounts (matching emails) for email users and LDAP users, the user must sign in with their LDAP account. n8n instance owner accounts are excluded from this: n8n never converts owner accounts to LDAP users.

n8n 中的 LDAP 用户账户#

¥LDAP user accounts in n8n

首次登录时,n8n 会为 LDAP 用户在 n8n 中创建一个用户账户。

¥On first sign in, n8n creates a user account in n8n for the LDAP user.

你必须在 LDAP 服务器上管理用户详细信息,而不是在 n8n 中管理。如果你在 LDAP 服务器上更新或删除用户,n8n 账户将在下次计划同步时更新,或在用户下次尝试登录时更新,以先到者为准。

¥You must manage user details on the LDAP server, not in n8n. If you update or delete a user on your LDAP server, the n8n account updates at the next scheduled sync, or when the user next tries to log in, whichever happens first.

User deletion

如果你从 LDAP 服务器中删除用户,他们将在下次同步时失去 n8n 访问权限。

¥If you remove a user from your LDAP server, they lose n8n access on the next sync.

关闭 LDAP#

¥Turn LDAP off

关闭 LDAP:

¥To turn LDAP off:

  1. 以实例所有者身份登录 n8n。

¥Log in to n8n as the instance owner. 2. 选择“设置”>“LDAP”。

¥Select Settings {.off-glb} > LDAP. 3. 关闭“启用 LDAP 登录”。

¥Toggle off Enable LDAP Login.

如果关闭 LDAP,n8n 会在现有 LDAP 用户下次登录时将其转换为电子邮件用户。用户必须重置密码。

¥If you turn LDAP off, n8n converts existing LDAP users to email users on their next login. The users must reset their password.