
LDAP

Modified on Mon, 14 Aug, 2023 at 6:00 PM

An LDAP login service allows user authentication via an LDAP directory (e.g. MS Active Directory or OpenLDAP). Configuring an LDAP login service requires a number of parameters, which are described below. For general information on basic settings and creating login services, see Login Services.


Configuration


Configuration of the connection to an LDAP server for an LDAP login service.


In the configuration section of the selected LDAP login service, the connection to the LDAP server is configured:

  • SSL encryption: Specifies whether the transport with the LDAP server can/should be encrypted using SSL.
  • LDAP server: Name or IP address of the LDAP server.
  • Port: Communication port of the LDAP server.
  • User for user search: This account must have permission to send search requests (user object) to the LDAP server.
  • Password: Password of the user for login to the LDAP server.
  • BaseDN for user search: BaseDN under which the users to be authenticated are searched. Example: ou="internal", dc="company", dc="en".
  • Filter query: Optional LDAP filter to apply further restrictions within the set of user objects (Tutorial).
  • User ID attribute: A list of AD attributes to use for user identification. The attributes are tried in the specified order. If no attributes are specified, the following attributes are tried by default, in this order: sAMAccountName, userPrincipalName, uid, and DN. The default behavior can also be configured using the ldap.override.filter.user.login parameter in the application properties.
  • Entries per page (Paging): Specifies how many entries are expected from the LDAP server per page. A value of 0 disables paging, and all entries are expected from the server at once.
  • Max. referral hops: Specifies the maximum number of referral hops to be performed on the LDAP server. A value of 0 disables the following of referrals.
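
The following is an added example, not code from the product or its vendor. It shows how the "User ID attribute" order and the optional "Filter query" can be combined into one search filter per attribute while escaping the typed login name per RFC 4515, so that characters such as `*` or `)` cannot alter the filter. The function names are hypothetical, and the DN fallback is left out because it is not a filter attribute.

```python
import re

# Defaults listed in the article, in the order they are tried.
# The final "DN" fallback is not a filter attribute and is omitted here.
DEFAULT_ID_ATTRIBUTES = ("sAMAccountName", "userPrincipalName", "uid")

_ATTR_NAME = re.compile(r"[A-Za-z][A-Za-z0-9-]*")
# RFC 4515 section 3: these characters must be escaped inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied value so it cannot change the filter structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_user_filters(login, id_attributes=None, extra_filter=None):
    """Return one search filter per user ID attribute, in lookup order.

    login         -- login name exactly as typed by the user (untrusted)
    id_attributes -- configured "User ID attribute" list, or None for defaults
    extra_filter  -- configured "Filter query" (admin-supplied), or None
    """
    if not login:
        raise ValueError("empty login name")
    attributes = tuple(id_attributes) if id_attributes else DEFAULT_ID_ATTRIBUTES
    if extra_filter is not None:
        extra_filter = extra_filter.strip()
        if not (extra_filter.startswith("(") and extra_filter.endswith(")")):
            raise ValueError("filter query must be enclosed in parentheses")
    value = escape_filter_value(login)
    filters = []
    for attr in attributes:
        if not _ATTR_NAME.fullmatch(attr):
            raise ValueError(f"invalid attribute name: {attr!r}")
        match = f"({attr}={value})"
        filters.append(f"(&{match}{extra_filter})" if extra_filter else match)
    return filters


if __name__ == "__main__":
    # Constructed sample input: a login containing filter metacharacters.
    for f in build_user_filters("j.doe)(uid=*", extra_filter="(objectClass=person)"):
        print(f)
```
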


Installing certificates in the Java TrustStore


The Java runtime that runs the Application Container must trust the LDAP server's certificate.
To do this, it may be necessary to import the root certificate used to issue the LDAP server's certificate into the Java truststore. Instructions on how to do this can be found on the Importing certificates into keystores page.


Connection check


Even before saving, it is possible to test the entered data. The Check connection button tests whether a connection to the LDAP server can be successfully established. The number of user objects found is returned in the success message.


Result of a successful connection test


Processing LDAP user data in forms


To process LDAP user data inside forms, see here.
