...

application.properties:
# Connection
blueriq.security.auth-providers.ldap01.type=ldap
blueriq.security.auth-providers.ldap01.connectionUrl=ldap://something.company.nl
blueriq.security.auth-providers.ldap01.userDn=cn=admin,ou=sysadmin,dc=mycompany,dc=com
blueriq.security.auth-providers.ldap01.password=<encryptedvalue_password>
blueriq.security.auth-providers.ldap01.useTls=true

# Connection protection (if 'useTls' is true)
blueriq.security.auth-providers.ldap01.tls.trustStoreUrl=file:///D:/location/to/your/certifactions.jks
blueriq.security.auth-providers.ldap01.tls.trustStorePassword=changeit
blueriq.security.auth-providers.ldap01.tls.trustStoreType=jks

# Search 
blueriq.security.auth-providers.ldap01.referralStrategy=follow
blueriq.security.auth-providers.ldap01.searchSubtree=true
# Search user
blueriq.security.auth-providers.ldap01.userSearchBaseDn=OU=users,DC=mycompany,DC=com
blueriq.security.auth-providers.ldap01.userSearchAttribute=sAMAccountName
# Search group
blueriq.security.auth-providers.ldap01.groupSearchBaseDn=OU=groups,DC=mycompany,DC=com
blueriq.security.auth-providers.ldap01.groupSearchFilterAttribute=cn
blueriq.security.auth-providers.ldap01.groupSearchFilterPattern=BQ_*, EVE_*,PRO - *,PRO -*
# role mapping
blueriq.security.auth-providers.ldap01.role-mapping.ldapGroup1=BlueriqRole1,BlueriqRole2
blueriq.security.auth-providers.ldap01.role-mapping.ldapGroup2=BlueriqRole3,BlueriqRole4
blueriq.security.auth-providers.ldap01.role-mapping.ldapGroup\ with\ spaces=BlueriqRole with spaces,BlueriqRoleC

The following fields are not required:

...

A role mapping is defined by giving the LDAP group as the last part of the property key and the Blueriq roles it maps to as the value, separated by commas if there are multiple, as shown in the property file above. Note that spaces in group names need to be escaped with a backslash (\). Roles can contain spaces.
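The escaping rule matters because an unescaped space ends the property key early, so the intended group silently gets no roles. The following check is an added example, not Blueriq code: it assumes keys are split as in java.util.Properties, and the sample lines, the group name "Group Without Escapes" and the function names are constructed for illustration.

```python
# Added example: simplified reader for role-mapping lines. Assumption: a key ends at the
# first unescaped '=', ':' or whitespace; line continuations and \uXXXX are not handled.
PREFIX = "blueriq.security.auth-providers.ldap01.role-mapping."

# Constructed sample; the last line omits the backslashes on purpose.
SAMPLE = r"""
# role mapping
blueriq.security.auth-providers.ldap01.role-mapping.ldapGroup1=BlueriqRole1,BlueriqRole2
blueriq.security.auth-providers.ldap01.role-mapping.ldapGroup\ with\ spaces=BlueriqRole with spaces,BlueriqRoleC
blueriq.security.auth-providers.ldap01.role-mapping.Group Without Escapes=BlueriqRoleX
"""

def split_property(line):
    """Split one line into (key, value) using the key rules assumed above."""
    key, i = [], 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and i + 1 < len(line):
            key.append(line[i + 1])      # escaped character belongs to the key
            i += 2
            continue
        if ch in "=:" or ch.isspace():
            break                        # first unescaped separator ends the key
        key.append(ch)
        i += 1
    rest = line[i:].lstrip()
    if rest[:1] in ("=", ":"):
        rest = rest[1:].lstrip()
    return "".join(key), rest

def load_role_mapping(text, prefix=PREFIX):
    """Return ({ldap_group: [roles]}, [lines whose value still contains '='])."""
    mapping, suspicious = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, value = split_property(line)
        if not key.startswith(prefix):
            continue
        if "=" in value:                 # heuristic: key was cut at an unescaped space
            suspicious.append(raw)
            continue
        mapping[key[len(prefix):]] = [r.strip() for r in value.split(",") if r.strip()]
    return mapping, suspicious

def roles_for(groups, mapping):
    return sorted({role for g in groups for role in mapping.get(g, [])})
```

Running `load_role_mapping` over a configuration before deployment lists the lines that need backslashes, and `roles_for` shows which roles a given set of LDAP groups would receive.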

Tooling tips

  • Please refer to Encrypting passwords with the BlueriqEncryptor when encrypting the LDAP password
  • Use ADExplorer (Active Directory Explorer) to perform LDAP operations on an Active Directory server
  • Use Keystore Explorer to see all the certificates in a keystore or to create your own keystore and fill it with certificates (instead of via command line tools like 'keytool') 

...