Using the Built-in LDAP Authentication Service
When LDAP authentication is enabled, the FTL server delegates authentication requests to the LDAP server.
To enable LDAP authentication, ensure that the "auth.providers" parameter in the FTL server configuration file contains an LDAP URL. The URL can be either ldap://<host>:<port> or ldaps://<host>:<port>.
In addition, configure the ldap.config parameter in the FTL server YAML configuration file. This parameter names the file that contains the configuration for connecting to the LDAP server.
For details, see FTL Server Configuration Parameters.
For an example, see samples/yaml/ldap in the FTL installation directory.
The following table lists the LDAP authentication service parameters to set in the file specified in ldap.config.
LDAP Configuration name | Type | Examples | Description |
---|---|---|---|
ldap.user.basedn | String | ou=People,dc=ftl | Base DN used to search for LDAP users. |
ldap.user.scope | String | ldap_user_scope | The scope of the search. Valid values include: The default is to use a one level search. |
ldap.user.class | String | ldap_user_class | Criteria used for user search: what class indicates a user and what attribute contains a user's unique identifier. Unless ldap.group.filter is specified, the default search filter is auto-generated from the relevant configuration parameters. |
ldap.user.attribute | String | uid | The attribute that is compared to the user name for the search. The default is uid. |
ldap.user.filter | String |  | The filter used when searching for a user. If a more complex filter is needed, use this property to override the default. Any occurrence of {0} in the search string is replaced with the user attribute, and {1} is replaced with the user name. The default is {0}={1}. |
ldap.group.basedn | String | ou=Groups,dc=ftl | The base path for the LDAP static group search. If null or not set, static groups are not searched. |
ldap.group.scope | String | subtree | The scope of the static group search. Valid values include onelevel, subtree, and object. The default is to use a subtree search. |
ldap.group.filter | String |  | Criteria used for static group search, similar to that used for user search. Unless ldap.group.filter is specified, the default search filter is auto-generated from the relevant configuration parameters. |
ldap.group.static.class | String | groupofuniquenames |  |
ldap.group.static.attribute | String | cn | The attribute of a static LDAP group that contains the group name. The default is cn. |
ldap.group.static.member.attribute | String | uniqueMember | The attribute ID of a dynamic LDAP group object that specifies the name of members of the group. The default is uniqueMember. |
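
To preview what an ldap.user.filter override expands to, the following added example (not FTL code and not part of the original documentation) substitutes {0} and {1} as the table describes. The RFC 4515 escaping of the user name, the balance check and all function names are assumptions of this example; the page does not state how FTL treats special characters in a user name.

```python
# Added example: preview the filter that an ldap.user.filter template yields.
# Placeholder meaning ({0} = user attribute, {1} = user name) is from the table;
# escaping and validation are assumptions here, not documented FTL behaviour.

# RFC 4515: characters that must be escaped inside a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

DEFAULT_TEMPLATE = "{0}={1}"  # default given in the table


def escape_filter_value(value):
    """Escape a string so it is matched literally inside an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def is_balanced(filter_text):
    """True when every '(' has a matching ')' in the right order."""
    depth = 0
    for ch in filter_text:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
    return depth == 0


def expand_user_filter(user_name, attribute="uid", template=DEFAULT_TEMPLATE):
    """Return the search filter produced for one login attempt."""
    if "{1}" not in template:
        raise ValueError("template never references the user name ({1})")
    # Substitute {0} first so braces inside the user name are never re-expanded.
    expanded = template.replace("{0}", attribute)
    expanded = expanded.replace("{1}", escape_filter_value(user_name))
    # The user name is escaped, so any imbalance comes from the template itself.
    if not is_balanced(expanded):
        raise ValueError("unbalanced parentheses in template: " + template)
    return expanded


if __name__ == "__main__":
    # Constructed override and constructed user names, for illustration only.
    custom = "(&(objectClass=inetOrgPerson)({0}={1}))"
    for name in ["alice", "j*", "smith (ops)"]:
        print(expand_user_filter(name, template=custom))
```

Running it against a planned override before deploying the configuration shows whether the template is well formed and how a user name containing `*` or parentheses would be matched once escaped.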