LDAP login services allow users to be authenticated against an LDAP directory (e.g. MS Active Directory or OpenLDAP). To configure an LDAP login service, a number of parameters are required, which are described below. For general information on basic settings and creating login services, see Login Services.
Configuration
In the configuration section of the selected LDAP login service, the connection to the LDAP server is configured:
- SSL encryption: Specifies whether the transport with the LDAP server can/should be encrypted using SSL.
- LDAP server: Name or IP address of the LDAP server.
- Port: Communication port of the LDAP server.
- User for user search: This account must have permission to send search requests (user object) to the LDAP server.
- Password: Password of the user for login to the LDAP server.
- BaseDN for user search: BaseDN under which the users to be authenticated are searched. Example: ou="internal", dc="company", dc="en".
- Filter query: Optional LDAP filter to apply further restrictions within the set of user objects (Tutorial).
- User ID attribute: A set of AD attributes can be specified that are used for user identification. These attributes are tried in the specified order. If no attributes are specified, the following attributes are tried in this order by default: sAMAccountName, userPrincipalName, uid, and DN. The default behavior can also be configured using the ldap.override.filter.user.login parameter in the application properties.
- Entries per page (Paging): Specifies how many entries are expected from the LDAP server per page. A value of 0 disables this and all values are expected from the server.
- Max. referral hops: Specifies the maximum number of referral hops to be performed on the LDAP server. A value of 0 disables the following of referrals.
Installing certificates in the Java TrustStore
Java running the Application Container must trust the LDAP server's certificate.
To do this, it may be required to import the root certificate used to issue the LDAP server's certificate into the Java truststore. Instructions on how to do this can be found on the Importing certificates into keystores page.
Connection check
Even before saving, it is possible to test the entered data. The Check connection button tests whether a connection to the LDAP server can be successfully established. The number of user objects found is returned in the success message.
Processing LDAP user data in forms
To process LDAP user data inside forms, see here.