LDAP
Auth - LDAP accepts the LDAP key-value pairs described above, and beginning in Auth version 4.7.14 the following additional attributes can be added to the base configuration:

auth_default_group (string): If specified, Auth always assigns this value to an authenticated user as a session group upon login.

generateToken (boolean): If true, the Auth module generates a unique JWT token for the authenticating user. This also requires that a signing certificate be imported into Auth. Default is false.

keyAlias (string): If generating a token, the 'name' that was given to the signing certificate when it was created, prior to importing it into Auth. Only required if generateToken is true.

claimsMap (string): If generating a token, a comma-delimited list of LDAP attributes to be added as claims inside the JWT token (see the claimsMap value in the example below for the format). Only required if generateToken is true.
Optional: LDAP Connections Array
Beginning in Auth - LDAP version 4.7.14, LDAP supports listing multiple LDAP domain/connection point objects, each using the same key-values listed above, within an auth_ldap_connections array. This provides several authentication options in case one service is unavailable: the authentication module attempts each service until it successfully logs the user in with the provided credentials.

Auth LDAP Example (including the optional auth_ldap_connections array):
...
  "auth_ldap": {
    "hostname": "ldapserver.bluefletch.com",
    "port": 636,
    "domain": "@BLUEFLETCH",
    "rootDN": "DC=BLUEFLETCH,DC=com",
    "useHttps": true,
    "auth_default_group": "Associates",
    "keyAlias": "aliasNameForKey",
    "generateToken": true,
    "claimsMap": "sam=sAMAccountName,cname=cn,upn=userPrincipalName,memberof=memberOf,dn=distinguishedName"
  },
  "auth_ldap_connections": [
    {
      "hostname": "ldapserver.mnl.bluefletch.com",
      "port": 389,
      "domain": "@MNL",
      "rootDN": "DC=BLUEFLETCH,DC=com",
      "useHttps": false
    },
    {
      "hostname": "ldapserver.atl.bluefletch.com",
      "port": 636,
      "domain": "@ATL",
      "rootDN": "DC=BLUEFLETCH,DC=com",
      "useHttps": true
    }
  ]
...
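An added example (not BlueFletch's own code) that exercises the claimsMap format and the auth_ldap_connections failover list described above: it parses the claim=attribute pairs into JWT claims from a constructed LDAP entry and reports which connections in the list would bind over plain LDAP. It assumes that claim=attribute is the only accepted entry form, that the base auth_ldap entry is tried before the array, and that the config and LDAP entry are constructed samples mirroring the page's example.

```python
import json

# Constructed config mirroring the page's example (same keys and hostnames), used
# as the block's sample input; in practice it would be read from the Auth config file.
CONFIG = json.loads("""{
  "auth_ldap": {"hostname": "ldapserver.bluefletch.com", "port": 636, "domain": "@BLUEFLETCH",
    "rootDN": "DC=BLUEFLETCH,DC=com", "useHttps": true, "generateToken": true,
    "keyAlias": "aliasNameForKey",
    "claimsMap": "sam=sAMAccountName,cname=cn,upn=userPrincipalName,memberof=memberOf,dn=distinguishedName"},
  "auth_ldap_connections": [
    {"hostname": "ldapserver.mnl.bluefletch.com", "port": 389, "domain": "@MNL",
     "rootDN": "DC=BLUEFLETCH,DC=com", "useHttps": false},
    {"hostname": "ldapserver.atl.bluefletch.com", "port": 636, "domain": "@ATL",
     "rootDN": "DC=BLUEFLETCH,DC=com", "useHttps": true}
  ]
}""")

def parse_claims_map(claims_map: str) -> dict:
    """Turn 'claim=ldapAttribute,...' into {claim: attribute}. Assumes every entry
    has the claim=attribute shape of the page's example; anything else is rejected
    rather than silently dropped, so a typo cannot quietly remove a claim."""
    mapping = {}
    for entry in claims_map.split(","):
        claim, sep, attr = (part.strip() for part in entry.partition("="))
        if not entry.strip():
            continue  # tolerate a trailing comma
        if not sep or not claim or not attr:
            raise ValueError(f"malformed claimsMap entry: {entry.strip()!r}")
        if claim in mapping:
            raise ValueError(f"duplicate claim name: {claim!r}")
        mapping[claim] = attr
    return mapping

def build_claims(claims_map: str, ldap_entry: dict) -> dict:
    """Project a fetched LDAP entry onto the JWT claim names. Attributes the entry
    lacks are skipped so an optional attribute never blocks token issuance."""
    return {claim: ldap_entry[attr]
            for claim, attr in parse_claims_map(claims_map).items() if attr in ldap_entry}

def connection_order(config: dict) -> list:
    """The sequence Auth walks until one bind succeeds: base auth_ldap first, then
    auth_ldap_connections in listed order (assumption: the base entry is tried first)."""
    return [config["auth_ldap"], *config.get("auth_ldap_connections", [])]

def cleartext_connections(config: dict) -> list:
    """Hostnames with useHttps false: a simple bind there sends the user's password
    over plain LDAP, so each one deserves a TLS listener or removal from the list."""
    return [c["hostname"] for c in connection_order(config) if not c.get("useHttps")]
```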