You are viewing the documentation for Blueriq 17. Documentation for other versions is available in our documentation directory.

SubjectPropertyExplanation
Security LDAP













blueriq.security.auth-providers.ldap01.typeWhat type of provider is used, in this case it always is 'ldap'

application.properties

blueriq.security.auth-providers.ldap01.connectionUrlThe connection url to the LDAP server

application.properties

blueriq.security.auth-providers.ldap01.userDnThe userDn to connect with the ldap; format should look something like 'cn=LDAP reader,ou=something,dc=company,dc=nl'

application.properties

blueriq.security.auth-providers.ldap01.passwordPassword to connect to the LDAP

application.properties

blueriq.security.auth-providers.ldap01.useTlsboolean to either use TLS or not for the LDAP connection; this setting is not required

application.properties

blueriq.security.auth-providers.ldap01.tls.trustStoreUrlOnly required if useTls is true; the location to the truststore file

application.properties

blueriq.security.auth-providers.ldap01.tls.trustStorePasswordOnly required if useTls is true; The password used to login to the keystore

application.properties

blueriq.security.auth-providers.ldap01.tls.trustStoreTypeOnly required if useTls is true; what type of keystore is used, like 'jks' or 'pkcs12'

application.properties

blueriq.security.auth-providers.ldap01.referralStrategyCan be 'ignore' or 'follow'

application.properties

blueriq.security.auth-providers.ldap01.searchSubtreeUsed for searching in LDAP; boolean value if set to true, not only the current directory will be search, but also underlaying directories.

application.properties

blueriq.security.auth-providers.ldap01.userSearchBaseDnUsed for searching in LDAP; Should look something like 'OU=Gebruikers,DC=company,DC=nl'; points to the directory to where the user search should happen.

application.properties

blueriq.security.auth-providers.ldap01.userSearchAttributeUsed for searching in LDAP; What attribute to use to iddentify as a user, common use is : 'sAMAccountName'

application.properties

blueriq.security.auth-providers.ldap01.groupSearchBaseDnUsed for searching in LDAP; Should look something like 'OU=Groepen,DC=company,DC=nl'; points to the directory to where the group search should happen. Important for the roles for the user

application.properties

blueriq.security.auth-providers.ldap01.groupSearchFilterAttributeUsed for searching groups in ldap; What attribute to use to to filter groups on; This property is not required

application.properties

blueriq.security.auth-providers.ldap01.groupSearchFilterPattern

Used for searching groups in ldap; What pattern to use to to filter groups on;This property is not required;

Should look something like this: 'BQ_*, EVE_*,PRO - *,PRO -*'

Results in: ((<attribute>=BQ_*)(<attribute>=EVE_*)(<attribute>=PRO -*))

application.properties

blueriq.security.auth-providers.ldap01.role-mapping

Used for mapping LDAP groups to Blueriq roles, in the form

..role-mapping.<ldap group 1>=<blueriq role 1>[,<blueriq role 2>,...,<blueriq role n>]
..role-mapping.<ldap group n>=<blueriq role 1>[,<blueriq role 2>,...,<blueriq role n>]

application.properties