AD Integration Ships — Live Tested Against Real Azure AD and Samba LDAP
Today we're shipping Active Directory integration for NOBA Enterprise. Three features, two connectors, one wizard that actually works against real infrastructure.
What shipped
AD Sync connects to Azure AD (Entra ID) via the Microsoft Graph API or to on-premises Active Directory via LDAP. It runs periodic syncs, maps AD groups to NOBA roles (admin, operator, viewer), and handles disabled users correctly — they're skipped during import and disabled locally if removed from AD.
AD Migration is a 7-step wizard for organizations replacing their directory with NOBA as the identity source: Connect, Discover, Map, Plan, Dry Run, Execute, Report. Each step has back navigation. The dry run shows exactly what will happen before any users are created.
AD Acquisition adds a conflict resolution layer for M&A scenarios. When you absorb another company's AD into your NOBA instance, username and email conflicts are surfaced and resolved before the merge executes. Rename, merge, or skip — your choice for each conflict.
How we tested it
Every prior test used mocked connectors. This time we stood up real infrastructure:
- An Azure AD dev tenant with 8 test users across 3 groups, including 2 disabled accounts
- A Samba AD Domain Controller running in an LXC container with identical users
- The full NOBA instance deployed on a Proxmox test node
The Azure sync completed in 1.2 seconds. LDAP connection test responded in 48ms. The migration wizard ran all 7 steps end-to-end in the browser and landed on SUCCESS: 12 users created, 0 errors.
What we found
Live testing caught 14 bugs that 3,553 mocked unit tests couldn't see. The most interesting:
- Every Vue component was destructuring `const { data } = await post(...)` but our API composable returns raw JSON, not an Axios-style wrapper. Silent undefined on every wizard action.
- The license file generated before AD features existed didn't include the new feature flags. Enterprise plan now always gets all features regardless of what the license snapshot says.
- Users disabled by a stale directory were classified as "unchanged" during re-sync, so the re-enable logic never fired. The diff function now checks local disabled state.
On the security side, a deep review found LDAP filter injection via stored batch config, disabled directories that kept syncing, and tenant isolation applied after SQL LIMIT instead of before. All fixed before the merge to main.
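To make the last of those findings concrete, here is an added illustration (not NOBA's code) of why the tenant predicate has to sit in the SQL `WHERE` clause rather than be applied to rows after `LIMIT` has already cut the page. The `users` table, its columns and the function names are assumptions, and the sample rows are constructed.

```python
import sqlite3

# Constructed sample data: two tenants whose users interleave by id.
ROWS = [
    (1, "tenant-a", "alice"),
    (2, "tenant-b", "bob"),
    (3, "tenant-b", "carol"),
    (4, "tenant-a", "dave"),
    (5, "tenant-b", "erin"),
    (6, "tenant-a", "frank"),
]


def make_db():
    """Build an in-memory database with a hypothetical users table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, tenant_id TEXT, username TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)", ROWS)
    return db


def page_filter_after_limit(db, tenant_id, limit):
    """Flawed order: LIMIT cuts the page across all tenants, then the app filters."""
    rows = db.execute(
        "SELECT tenant_id, username FROM users ORDER BY id LIMIT ?", (limit,)
    ).fetchall()
    # Other tenants' rows were already read into this process, and the
    # caller's own rows beyond the cut are silently missing from the page.
    return [name for tid, name in rows if tid == tenant_id]


def page_filter_before_limit(db, tenant_id, limit):
    """Corrected order: the tenant predicate is in WHERE, so LIMIT only counts that tenant."""
    rows = db.execute(
        "SELECT username FROM users WHERE tenant_id = ? ORDER BY id LIMIT ?",
        (tenant_id, limit),
    ).fetchall()
    return [name for (name,) in rows]


if __name__ == "__main__":
    db = make_db()
    print("filter after LIMIT :", page_filter_after_limit(db, "tenant-a", 3))
    print("filter before LIMIT:", page_filter_before_limit(db, "tenant-a", 3))
```

With the filter applied after the cut, a tenant's page depends on how many rows other tenants hold, which makes a useful regression test: seed two interleaved tenants and assert that each page is full and contains only the caller's rows.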
The numbers
- 15,600+ lines of new code across 141 files
- 89+ security findings resolved
- 3,553 unit tests passing
- 19 CI checks green
- 2 connectors (Graph API + LDAP)
- 3 features (Sync, Migration, Acquisition)
- 14 bugs found from live testing alone
Try it
AD integration is available now in NOBA Enterprise (open beta). Deploy it, point it at your directory, and tell us what breaks.
git clone https://github.com/raizenica/noba-enterprise.git
cd noba-enterprise
docker compose up -d
Then head to Settings → AD Sync to connect your first directory.