LDAP

Auth - LDAP supports LDAP key-value pairs, and beginning in Auth version 4.7.14 additional attributes can be added to the base configuration.

Field
Description

auth_default_group

string If specified, Auth will always assign an authenticated user this string value as a session group upon login.

generateToken

boolean If true, Auth module will generate a unique JWT token corresponding to the authenticating user. This will also require that a signing certificate be imported into Auth. Default is false.

keyAlias

string If generating a token, this value is the provided 'name' when the certificate is created prior to importing into Auth. Only required if generateToken is true.

claimsMap

string If generating a token, specify a comma-delimited list of LDAP attributes to be added as claims inside the JWT token. Only required if generateToken is true.

Optional: LDAP Connections Array

Beginning in Auth - LDAP version 4.7.14, LDAP supports listing multiple LDAP domain/connection point objects, using the same key-values listed above, within an auth_ldap_connections array. This will give several authentication options in case one service is unavailable. The authentication module will attempt each service until it successfully logs a user in with the provided credentials.

Auth LDAP Example (including optional auth_ldap_connections):

...
"auth_ldap": {
    "hostname": "ldapserver.bluefletch.com",
    "port": 636,
    "domain": "@BLUEFLETCH",
    "rootDN": "DC=BLUEFLETCH,DC=com",
    "useHttps": true,
    "auth_default_group": "Associates",
    "keyAlias": "aliasNameForKey",
    "generateToken": true,
    "claimsMap": "sam=sAMAccountName,cname=cn,upn=userPrincipalName,memberof=memberOf,dn=distinguishedName"
},
"auth_ldap_connections" : [
    {
        "hostname": "ldapserver.mnl.bluefletch.com",
        "port": 389,
        "domain": "@MNL",
        "rootDN": "DC=BLUEFLETCH,DC=com",
        "useHttps": false
    },
    {
        "hostname": "ldapserver.atl.bluefletch.com",
        "port": 636,
        "domain": "@ATL",
        "rootDN": "DC=BLUEFLETCH,DC=com",
        "useHttps": true
    } 
]
...

Last updated