Comment: Updated LDAP properties and clarified text

...

application.properties:
# Connection
blueriq.security.auth-providers.ldap01.connectionUrl=ldap://something.company.nl
blueriq.security.auth-providers.ldap01.userDn=cn=LDAP reader,ou=Systeembeheer,dc=everest,dc=nl
blueriq.security.auth-providers.ldap01.password=<encryptedvalue_password>
blueriq.security.auth-providers.ldap01.useTls=true

# Connection protection (if 'useTls' is true)
blueriq.security.auth-providers.ldap01.tls.trustStoreUrl=file:///D:/location/to/your/certifactions.jks
blueriq.security.auth-providers.ldap01.tls.trustStorePassword=changeit
blueriq.security.auth-providers.ldap01.tls.trustStoreType=jks

# Search 
blueriq.security.auth-providers.ldap01.referralStrategy=follow
blueriq.security.auth-providers.ldap01.searchSubtree=true
# Search user
blueriq.security.auth-providers.ldap01.userSearchBaseDn=OU=Gebruikers,DC=everest,DC=nl
blueriq.security.auth-providers.ldap01.userSearchAttribute=sAMAccountName
# Search group
blueriq.security.auth-providers.ldap01.groupSearchBaseDn=OU=Groepen,DC=everest,DC=nl
blueriq.security.auth-providers.ldap01.groupSearchFilterAttribute=cn
blueriq.security.auth-providers.ldap01.groupSearchFilterPattern=BQ_*, EVE_*,PRO - *,PRO -*

The following fields are not required:

  • trustStoreUrl, trustStorePassword and trustStoreType (unless useTls is set to true)

  • groupSearchFilterPattern (unless groupSearchFilterAttribute is set)

  • groupSearchFilterAttribute (unless groupSearchFilterPattern is set)

Setting TLS (Transport Layer Security)

useTls can be set to true. When it is, trustStoreUrl, trustStorePassword and trustStoreType need to be filled.

  • trustStoreUrl: The location of the keystore where certificates are searched for when setting up the TLS connection to the LDAP server
  • trustStorePassword: The password set for the keystore; by default this is 'changeit'
  • trustStoreType: The type of keystore that is used, such as 'jks' or 'pkcs12'

Make sure the keystore contains the certificates (certificate chain) needed to connect to the LDAP server.
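A lint for the conditional requirements described above (the TLS fields and the group filter pair), as an added example that is not part of the Blueriq documentation or product. It assumes the updated property names shown on this page and a flat key=value file; parse_properties, check_provider and the sample input are constructed for illustration.

```python
PREFIX = "blueriq.security.auth-providers."
TLS_KEYS = ("tls.trustStoreUrl", "tls.trustStorePassword", "tls.trustStoreType")

def parse_properties(text):
    """Parse key=value lines; split on the first '=' only, since DNs contain '='."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def check_provider(props, name):
    """Return a list of findings for one LDAP auth provider (e.g. 'ldap01')."""
    get = lambda k: props.get(f"{PREFIX}{name}.{k}", "")
    findings = []
    if get("useTls").lower() == "true":
        # The three truststore fields become required once useTls is true.
        for key in TLS_KEYS:
            if not get(key):
                findings.append(f"missing {key} (required when useTls=true)")
        if get("tls.trustStorePassword") == "changeit":
            findings.append("tls.trustStorePassword is still the default 'changeit'")
    elif not get("connectionUrl").lower().startswith("ldaps://"):
        findings.append("useTls is not true and connectionUrl is not ldaps://: LDAP traffic is not encrypted")
    # Each group filter field is required as soon as the other one is set.
    attr, pattern = get("groupSearchFilterAttribute"), get("groupSearchFilterPattern")
    if bool(attr) != bool(pattern):
        findings.append("groupSearchFilterAttribute and groupSearchFilterPattern must be set together")
    return findings

# Constructed sample input, modelled on the page's block with two fields left out.
SAMPLE = """\
blueriq.security.auth-providers.ldap01.connectionUrl=ldap://something.company.nl
blueriq.security.auth-providers.ldap01.userDn=cn=LDAP reader,ou=Systeembeheer,dc=everest,dc=nl
blueriq.security.auth-providers.ldap01.useTls=true
blueriq.security.auth-providers.ldap01.tls.trustStorePassword=changeit
blueriq.security.auth-providers.ldap01.tls.trustStoreType=jks
blueriq.security.auth-providers.ldap01.groupSearchFilterAttribute=cn
"""

if __name__ == "__main__":
    for finding in check_provider(parse_properties(SAMPLE), "ldap01"):
        print("ldap01:", finding)
```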

Tooling tips

  • Use ADExplorer (Active Directory Explorer) to perform LDAP operations on an Active Directory server
  • Use Keystore Explorer to see all the certificates in a keystore, or to create your own keystore and fill it with certificates (instead of via command line tools like 'keytool')