You are viewing the documentation for Blueriq 17. Documentation for other versions is available in our documentation directory.

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 8 Next »

Defining an LDAP authentication provider

In the application.properties file two properties are expected for an LDAP authentication provider:

application.properties
# connection
blueriq.security.auth-providers.ldap01.url=ldap://something.company.nl
blueriq.security.auth-providers.ldap01.userDn=cn=LDAP reader,ou=Systeembeheer,dc=everest,dc=nl
blueriq.security.auth-providers.ldap01.password=<encryptedvalue_password>
blueriq.security.auth-providers.ldap01.useTLS=true

# Connection protection (if useTLS is true)
blueriq.security.auth-providers.ldap01.tls.trustStore=D:/location/to/your/certifactions.jks
blueriq.security.auth-providers.ldap01.tls.keyStorePassword=changeit
blueriq.security.auth-providers.ldap01.tls.trustStoreType=jks

# Search 
blueriq.security.auth-providers.ldap01.referral=follow
blueriq.security.auth-providers.ldap01.searchSubtree=true
# Search user
blueriq.security.auth-providers.ldap01.userSearchBase=OU=Gebruikers,DC=everest,DC=nl
blueriq.security.auth-providers.ldap01.userSearchAttribute=sAMAccountName
# Search group
blueriq.security.auth-providers.ldap01.groupSearchBase=OU=Groepen,DC=everest,DC=nl
blueriq.security.auth-providers.ldap01.groupSearchFilterAttribute=cn
blueriq.security.auth-providers.ldap01.groupSearchFilterPattern=BQ_*, EVE_*,PRO - *,PRO -*

To following fields are not required:

  • 'trustStore' , 'keyStorePassword' and 'trustStoreType' (unless useTLS is set to true)
  • groupSearchFilterPattern (unless groupSearchFilterAttribute is set)
  • groupSearchFilterAttribute (unless groupSearchFilterPattern is set)

Setting TLS (Transport Layer Security)

UseTLS can be set to true, By doing so,  'trustStore' , 'keyStorePassword' and 'trustStoreType' need to be filled.

  • trustStore: The location to the keystore
  • keyStorePassword: The password set for the keystore, by default this is 'changeit'
  • trustStoreType: what type of key store is used, like: jks, pkcs12

Make sure the keystore has the required certifications which the LDAP server has.

Tooling tips

  • Use ADExplore to checkout the LDAP environment
  • Use Keystore Explorer to see all the certifications or to create your own keystore and fill it certifications (instead of command line) 

 

  • No labels

Didn't find the answer you were looking for? Try the advanced search