You are viewing the documentation for Blueriq 17. Documentation for other versions is available in our documentation directory.

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 12 Next »

Defining an LDAP authentication provider

In the application.properties file, these properties are expected for an LDAP authentication provider:

application.properties
# Connection
blueriq.security.auth-providers.ldap01.connectionUrl=ldap://something.company.nl
blueriq.security.auth-providers.ldap01.userDn=cn=admin,ou=sysadmin,dc=mycompany,dc=com
blueriq.security.auth-providers.ldap01.password=<encryptedvalue_password>
blueriq.security.auth-providers.ldap01.useTls=true

# Connection protection (if 'useTls' is true)
blueriq.security.auth-providers.ldap01.tls.trustStoreUrl=file:///D:/location/to/your/certifactions.jks
blueriq.security.auth-providers.ldap01.tls.trustStorePassword=changeit
blueriq.security.auth-providers.ldap01.tls.trustStoreType=jks

# Search 
blueriq.security.auth-providers.ldap01.referralStrategy=follow
blueriq.security.auth-providers.ldap01.searchSubtree=true
# Search user
blueriq.security.auth-providers.ldap01.userSearchBaseDn=OU=users,DC=mycompany,DC=com
blueriq.security.auth-providers.ldap01.userSearchAttribute=sAMAccountName
# Search group
blueriq.security.auth-providers.ldap01.groupSearchBaseDn=OU=groups,DC=mycompany,DC=com
blueriq.security.auth-providers.ldap01.groupSearchFilterAttribute=cn
blueriq.security.auth-providers.ldap01.groupSearchFilterPattern=BQ_*, EVE_*,PRO - *,PRO -*

The following fields are not required:

  • trustStoreUrl, trustStorePassword and trustStoreType (unless useTls is set to true)

  • groupSearchFilterPattern (unless groupSearchFilterAttribute is set)

  • groupSearchFilterAttribute (unless groupSearchFilterPattern is set)

Setting TLS (Transport Layer Security)

useTls can be set to true, by doing so,  trustStoreUrl , trustStorePassword and trustStoreType need to be filled.

  • trustStoreUrl: The location to the keystore where certificates are searched for when setting up the TLS connection to the LDAP server
  • trustStorePassword: The password set for the keystore
  • trustStoreType: what type of key store is used, like: 'jks' or 'pkcs12'

Make sure the keystore contains the certificates (certificate chain) needed to connect to the LDAP server.

Tooling tips

  • Use ADExplorer (Active Directory Explorer) to perform LDAP operations on an Active Directory server
  • Use Keystore Explorer to see all the certificates in a keystore or to create your own keystore and fill it with certificates (instead of via command line tools like 'keytool') 

 

  • No labels