Skip to main content



Configure OpenLDAP


Explains what the feature is or what its benefits are to the user or customer.


Use this procedure to set up integration with LDAP using OpenLDAP.

Before configuring OpenLDAP, you will need this information:

  • URL to connect to OpenLDAP

    For example, ldap://

  • Distinguished Name template

    The template for usernames, for example cn={0},ou=users,dc=thoughtspot,dc=com

  • Whether you will use SSL.

    If yes, you'll need the certificate from the issuing authority.

  • Also use ThoughtSpot internal authentication?

    If you choose 'yes' for this, when a user logs in, ThoughtSpot will first attempt to authenticate the user against LDAP. If that attempt fails, it will then attempt to authenticate the user against ThoughtSpot. If either of these succeed, then the user is successfully logged in. This option is useful in scenarios where some users are not in LDAP and are created only in ThoughtSpot.

  • Automatically add LDAP users in ThoughtSpot?

    If you choose 'yes' for this, when a user is authenticated against LDAP, if that user does not exist in ThoughtSpot, the user is automatically created. When users are created in this way, their passwords exist only in LDAP and are not stored in ThoughtSpot.

    If you choose 'no' for this, users who will authenticate against LDAP have to be manually created with a dummy password as a placeholder in ThoughtSpot before they can log in. In order to log in to ThoughtSpot, the user has to exist in ThoughtSpot independent of whether that user is authenticated against LDAP or against ThoughtSpot's internal authentication.

Use the tscli command line to configure LDAP for OpenLDAP:

  1. Create a user called tsadmin on your LDAP server. This is the pre-defined superuser in ThoughtSpot, and its name is required to be tsadmin.
  2. Log In to the Linux Shell Using SSH.
  3. Run the command to configure LDAP:
    $ tscli ldap configure
  4. Answer the prompts using the information you collected. For example:
    Choose the LDAP protocol:
    [1]  Active Directory
    [2]  OpenLDAP
    Option number: 2
    Configuring OpenLDAP URL to connect to OpenLDAP: ldap://
    Distinguished Name template: cn={0},ou=users,dc=thoughtspot,dc=com
    Use SSL (LDAPS) (y/n): n
    Also use ThoughtSpot internal authentication (y/n): y
    Automatically add LDAP users in ThoughtSpot (y/n): n
  5. If you are using SSL, Add the SSL Certificate for LDAP.
  6. If you want to remove the LDAP configuration, issue:
    $ tscli ldap purge-configuration
  • Was this article helpful?