Auth - LDAP supports LDAP key-value pairs, and beginning in Auth version 4.7.14 additional attributes can be added to the base configuration.



auth_default_group (string): If specified, Auth will always assign an authenticated user this string value as a session group upon login.

generateToken (boolean): If true, the Auth module will generate a unique JWT corresponding to the authenticating user. This also requires that a signing certificate be imported into Auth. Default is false.

keyAlias (string): If generating a token, this value is the 'name' provided when the certificate was created, prior to importing it into Auth. Only required if generateToken is true.

claimsMap (string): If generating a token, specify a comma-delimited list of LDAP attributes to be added as claims inside the JWT. Only required if generateToken is true.

Optional: LDAP Connections Array

Beginning in Auth - LDAP version 4.7.14, LDAP supports listing multiple LDAP domain/connection point objects, using the same key-values listed above, within an auth_ldap_connections array. This will give several authentication options in case one service is unavailable. The authentication module will attempt each service until it successfully logs a user in with the provided credentials.

Auth LDAP Example (including optional auth_ldap_connections):

"auth_ldap": {
    "hostname": "ldapserver.bluefletch.com",
    "port": 636,
    "domain": "@BLUEFLETCH",
    "rootDN": "DC=BLUEFLETCH,DC=com",
    "useHttps": true,
    "auth_default_group": "Associates",
    "keyAlias": "aliasNameForKey",
    "generateToken": true,
    "claimsMap": "sam=sAMAccountName,cname=cn,upn=userPrincipalName,memberof=memberOf,dn=distinguishedName"
},
"auth_ldap_connections": [
    {
        "hostname": "ldapserver.mnl.bluefletch.com",
        "port": 389,
        "domain": "@MNL",
        "rootDN": "DC=BLUEFLETCH,DC=com",
        "useHttps": false
    },
    {
        "hostname": "ldapserver.atl.bluefletch.com",
        "port": 636,
        "domain": "@ATL",
        "rootDN": "DC=BLUEFLETCH,DC=com",
        "useHttps": true
    }
]
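
A small lint for the configuration above, as an added example that is not BlueFletch code: it checks the generateToken dependencies and flags every listed connection with useHttps set to false, since the module tries each listed service with the user's credentials. It assumes that useHttps false means the LDAP connection is not TLS-protected; the function names are hypothetical and the sample is trimmed from the page's example.

```python
# Added example: lints an Auth LDAP config dict. Not BlueFletch code.
# Assumption: "useHttps": false means the LDAP connection is not TLS-protected.
# Constructed sample, trimmed from the page's example.
SAMPLE = {
    "auth_ldap": {"hostname": "ldapserver.bluefletch.com", "port": 636, "useHttps": True,
                  "generateToken": True, "keyAlias": "aliasNameForKey",
                  "claimsMap": "sam=sAMAccountName,cname=cn,upn=userPrincipalName"},
    "auth_ldap_connections": [
        {"hostname": "ldapserver.mnl.bluefletch.com", "port": 389, "useHttps": False},
        {"hostname": "ldapserver.atl.bluefletch.com", "port": 636, "useHttps": True},
    ],
}

def parse_claims_map(value):
    """Split 'claim=ldapAttribute,...' into a dict; reject malformed entries."""
    claims = {}
    for pair in value.split(","):
        name, sep, attr = (part.strip() for part in pair.partition("="))
        if not (sep and name and attr):
            raise ValueError(f"malformed claimsMap entry {pair!r}")
        claims[name] = attr
    return claims

def lint(config):
    """Return a list of human-readable findings for one config dict."""
    findings = []
    base = config.get("auth_ldap", {})
    if base.get("generateToken"):
        for key in ("keyAlias", "claimsMap"):
            if not base.get(key):
                findings.append(f"auth_ldap: generateToken is true but {key} is not set")
        if base.get("claimsMap"):
            try:
                parse_claims_map(base["claimsMap"])
            except ValueError as err:
                findings.append(f"auth_ldap: {err}")
    # The module tries each listed service with the user's credentials, so every
    # entry, not only the first, has to be TLS-protected.
    entries = [("auth_ldap", base)] if base else []
    entries += [(f"auth_ldap_connections[{i}]", conn)
                for i, conn in enumerate(config.get("auth_ldap_connections", []))]
    for label, conn in entries:
        if not conn.get("useHttps"):
            findings.append(f"{label}: {conn.get('hostname')}:{conn.get('port')} has useHttps false")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

Run against the sample, the only finding is the port 389 entry in auth_ldap_connections.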

