How to delegate platform authentication to an LDAP directory?

Authentication on LDAP

To authenticate against an LDAP directory, configure the following properties in the application.yml of the control panel.


The account set in username is the bind (service) account the platform uses to query the directory; it must have search (read) permission on the user and group entries. Use a dedicated read-only account for it rather than a directory administrator credential.

Authorization on LDAP

Role mapping

With this configuration, authentication is delegated to the LDAP directory.

Optionally, the ldap.platformRolesGroup properties let you manage users' platform roles from the LDAP directory.

Each role in the platform must be associated with a group of users in the LDAP, and the DN of each group is configured in these properties, one per role.

Let's suppose an LDAP with the following structure of user groups for the platform roles Administrator, Analytics, Developer, Sys_Admin and User, under the DN: OU=AppSofia2,OU=AppSmart,DC=aytologd

The configuration that maps these roles is:

Importing users

To import users from an LDAP directory into the platform's configuration database, there are two alternatives:

  • Successful login: each time a user authenticates successfully and does not yet exist in the platform, it is inserted into the configuration database with the role mapped to the LDAP group the user belongs to, or with ROLE_DEVELOPER by default if the user is not a member of any role group or the role groups are not configured.
  • Import through a Realm: the second alternative is to create a Realm and then import individual users or entire groups, mapping LDAP groups to Realm roles. The user is inserted into the configuration database with the same rule: the role of the LDAP group the user belongs to, or ROLE_DEVELOPER by default if the user is not a member of any role group or the role groups are not configured.

Note that with the first alternative every directory account that can authenticate is provisioned automatically, and that the default is a developer role: configure the role groups before enabling LDAP login if you do not want every LDAP user to receive ROLE_DEVELOPER.
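The role mapping, the default role, the user import under a base DN and the group import described above, as an added example that is not the platform's own code. It works on a small constructed in-memory directory instead of a live LDAP server, so it runs offline; the DN comparison is a simplification of RFC 4514, the `Directory`, `RoleMapping` and `import_*` names are assumptions, and so are all role names other than ROLE_DEVELOPER. The base DN is the one from the page.

```python
import re
from dataclasses import dataclass

DEFAULT_ROLE = "ROLE_DEVELOPER"                    # fallback role named by the page
BASE_DN = "OU=AppSofia2,OU=AppSmart,DC=aytologd"  # base DN from the page


def normalize_dn(dn: str) -> str:
    """Canonical form for comparing DNs: split on unescaped commas, trim the
    whitespace around each attribute and value, lower-case everything.
    Simplification of RFC 4514 (no multi-valued RDNs, no hex escapes)."""
    rdns = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, _, value = rdn.partition("=")
        rdns.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return ",".join(rdns)


def is_under(dn: str, base_dn: str) -> bool:
    """True if dn is base_dn or lies below it. The leading comma stops a
    base of DC=aytologd from matching entries under DC=xaytologd."""
    d, b = normalize_dn(dn), normalize_dn(base_dn)
    return d == b or d.endswith("," + b)


@dataclass
class Directory:
    """Constructed stand-in for the LDAP server (assumption, no network):
    user DN -> login name, group DN -> list of member DNs."""
    users: dict
    groups: dict

    def username_of(self, user_dn):
        target = normalize_dn(user_dn)
        return next((n for dn, n in self.users.items() if normalize_dn(dn) == target), None)

    def members_of(self, group_dn):
        target = normalize_dn(group_dn)
        return next((m for dn, m in self.groups.items() if normalize_dn(dn) == target), [])

    def groups_of(self, user_dn):
        target = normalize_dn(user_dn)
        return [g for g, members in self.groups.items()
                if any(normalize_dn(m) == target for m in members)]


@dataclass
class RoleMapping:
    """Platform role -> group DN, i.e. what the ldap.platformRolesGroup
    properties hold (order matters, see resolve)."""
    role_to_group: dict

    def resolve(self, directory, user_dn):
        """Role of the mapped group the user belongs to, else DEFAULT_ROLE.
        The page does not say what happens when a user is in several mapped
        groups; here the first configured role wins, so list them most to
        least privileged (assumption)."""
        member_of = {normalize_dn(g) for g in directory.groups_of(user_dn)}
        for role, group_dn in self.role_to_group.items():
            if normalize_dn(group_dn) in member_of:
                return role
        return DEFAULT_ROLE


def import_on_login(platform_users, directory, mapping, user_dn):
    """Alternative 1: after a successful bind, create the user if missing.
    An existing user keeps the role it already has."""
    username = directory.username_of(user_dn)
    if username not in platform_users:
        platform_users[username] = mapping.resolve(directory, user_dn)
    return platform_users[username]


def import_under_base(platform_users, directory, mapping, user_base_dn):
    """Realm import with USER DN BASE: every user below that DN gets its
    mapped role. Returns the login names that were created."""
    created = []
    for dn, username in directory.users.items():
        if is_under(dn, user_base_dn) and username not in platform_users:
            platform_users[username] = mapping.resolve(directory, dn)
            created.append(username)
    return created


def import_group(platform_users, directory, group_dn, role):
    """Realm import of a group mapped to a role: every member gets that role."""
    created = []
    for member_dn in directory.members_of(group_dn):
        username = directory.username_of(member_dn)
        if username and username not in platform_users:
            platform_users[username] = role
            created.append(username)
    return created


# Constructed sample directory following the page's OU layout; alice's
# membership is written with different case and spacing on purpose.
SAMPLE = Directory(
    users={
        f"CN=alice,OU=Users,{BASE_DN}": "alice",
        f"CN=bob,OU=Users,{BASE_DN}": "bob",
        f"CN=dave,OU=Users,{BASE_DN}": "dave",
        "CN=carol,OU=External,DC=aytologd": "carol",   # outside the base DN
    },
    groups={
        f"CN=Administrator,{BASE_DN}": ["cn=Alice, ou=Users, ou=AppSofia2, ou=AppSmart, dc=aytologd"],
        f"CN=Sys_Admin,{BASE_DN}": [f"CN=dave,OU=Users,{BASE_DN}"],
        f"CN=User,{BASE_DN}": [f"CN=bob,OU=Users,{BASE_DN}", f"CN=dave,OU=Users,{BASE_DN}"],
    },
)

MAPPING = RoleMapping({  # role names other than ROLE_DEVELOPER are assumptions
    "ROLE_ADMINISTRATOR": f"CN=Administrator,{BASE_DN}",
    "ROLE_SYS_ADMIN": f"CN=Sys_Admin,{BASE_DN}",
    "ROLE_ANALYTICS": f"CN=Analytics,{BASE_DN}",
    "ROLE_DEVELOPER": f"CN=Developer,{BASE_DN}",
    "ROLE_USER": f"CN=User,{BASE_DN}",
})
```

Calling `import_under_base({}, SAMPLE, MAPPING, BASE_DN)` creates alice, bob and dave (carol sits outside the base DN and is skipped), with alice resolved to the administrator role despite the differently cased member DN, dave to the first matching role in the mapping order, and a user in no mapped group to ROLE_DEVELOPER. The mapping order is the point to check when you configure the real properties: a user present in two role groups should get the role you intend, not an accidental one.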

Use of LDAP users in Realms

If authentication against an LDAP directory is enabled in the platform deployment, a checkbox appears in the User Assignment tab of the Realm. From there you can search for and import LDAP users as well as existing groups.

When you tick the checkbox, you can search for users and groups by DN.

To import LDAP users, fill in the USER DN BASE field with the base DN. This operation searches for all users under that DN, so choose the narrowest DN that contains the users you actually want to import.


The same can be done with groups.

When an LDAP group is mapped to a role, all the users in that group are created on the platform with that role.




(c) 2020 Indra Soluciones Tecnologías de la Información, S.L.U.