LDAP

This section will guide you through the configuration of the LDAP authentication provider.

The provider uses the LDAP endpoint to authenticate users and to fetch user and group information.

Authentication Provider

To configure the LDAP authentication provider, you need to provide the following configuration:

auth:
  environment: default
  providers:
    simple_ldap:
      default:
        url: ldap://my.ldap.host.com
        bindDN: cn=admin,dc=my-company,dc=com
        bindCredentials: StrongAdminPassword
        searchBase: ou=users,dc=my-company,dc=com
        searchFilter: (uid={{username}})

where:

  • url is the LDAP server URL.
  • bindDN is the distinguished name of the account used to bind to the LDAP server.
  • bindCredentials is the password of the account used to bind to the LDAP server.
  • searchBase is the base DN under which users are searched.
  • searchFilter is the filter used when searching for users; {{username}} is replaced with the login name entered by the user.
  • environment is the name of the environment to enable. Each provider can be configured for several environments, and this value must match the key under the provider object (default in the example above). It defaults to default if not provided.
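The searchFilter above is a template into which the login name is substituted. The following TypeScript is an added illustration, not the provider's own code: it expands a template such as (uid={{username}}) with an RFC 4515-escaped username, so that parentheses, asterisks or backslashes in a login name cannot alter the structure of the filter, and it sanity-checks the template itself. The function names are assumptions for this example.

```typescript
// Added example (not the provider's own code): safe expansion of a
// searchFilter template such as "(uid={{username}})".

// RFC 4515 section 3: these characters must be hex-escaped inside a filter
// assertion value so they are matched literally instead of parsed as syntax.
const RFC4515_ESCAPES: Record<string, string> = {
  "\\": "\\5c",
  "*": "\\2a",
  "(": "\\28",
  ")": "\\29",
  "\u0000": "\\00",
};

// Escapes one assertion value for use inside an LDAP search filter.
export function escapeFilterValue(value: string): string {
  return value.replace(/[\\*()\u0000]/g, (ch) => RFC4515_ESCAPES[ch]);
}

// Replaces every {{username}} placeholder (the name used by the searchFilter
// key on this page) with the escaped login name.
export function renderSearchFilter(template: string, username: string): string {
  return template.replace(/\{\{username\}\}/g, escapeFilterValue(username));
}

// Checks the configured template before it is ever used: it must reference
// the placeholder (otherwise the lookup is not scoped to the login name) and
// its parentheses must balance (otherwise the server rejects every search).
export function validateSearchFilter(template: string): string[] {
  const problems: string[] = [];
  if (!template.includes("{{username}}")) {
    problems.push("searchFilter does not reference {{username}}");
  }
  let depth = 0;
  for (const ch of template) {
    if (ch === "(") depth++;
    if (ch === ")") depth--;
    if (depth < 0) break;
  }
  if (depth !== 0) problems.push("searchFilter has unbalanced parentheses");
  return problems;
}
```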

In addition, you can add tlsOptions when you want a TLS-protected connection to the LDAP server (ldaps); in that case the url should use the ldaps:// scheme and the port configured below (636 is the standard LDAPS port). The configuration will look like this:

auth:
  providers:
    simple_ldap:
      default:
        ...
        tlsOptions:
          host: my.ldap.host.com
          port: 636
          minDHSize: 1024
          servername: my.ldap.host.com
          timeout: 30000

Organization Provider

To configure the LDAP organization provider, you need to provide the following configuration:

catalog:
  providers:
    ldapOrg:
      default:
        target: ldap://my.ldap.host.com
        bind:
          dn: cn=admin,dc=my-company,dc=com
          secret: StrongAdminPassword
        users:
          dn: ou=users,dc=my-company,dc=com
          map:
            name: uid
            displayName: displayName
            email: mail
        groups:
          dn: ou=groups,dc=my-company,dc=com
          map:
            name: cn
            displayName: cn
            userMembers: memberUid
        schedule:
          frequency: { hours: 5 }
          timeout: { minutes: 30 }

where:

  • target is the LDAP server URL.
  • bind holds the distinguished name (dn) and password (secret) of the account used to bind to the LDAP server.
  • users is the base DN for the user search (dn) and the mapping of LDAP attributes to user properties (map).
  • groups is the base DN for the group search (dn) and the mapping of LDAP attributes to group properties (map), including which attribute lists the group's members (userMembers).

The schedule configuration defines the frequency and timeout of the fetching process: frequency is the interval between two fetches, and timeout is the maximum time a single fetch may take before it is aborted.