You are viewing the documentation for Blueriq 17. Documentation for other versions is available in our documentation directory.
Defining an LDAP
authentication provider
In the application.properties
file two properties are expected for an LDAP
authentication provider:
application.properties
# connection blueriq.security.auth-providers.ldap01.url=ldap://something.company.nl blueriq.security.auth-providers.ldap01.userDn=cn=LDAP reader,ou=Systeembeheer,dc=everest,dc=nl blueriq.security.auth-providers.ldap01.password=<encryptedvalue_password> blueriq.security.auth-providers.ldap01.useTLS=true # Connection protection (if useTLS is true) blueriq.security.auth-providers.ldap01.tls.trustStore=D:/location/to/your/certifactions.jks blueriq.security.auth-providers.ldap01.tls.keyStorePassword=changeit blueriq.security.auth-providers.ldap01.tls.trustStoreType=jks # Search blueriq.security.auth-providers.ldap01.referral=follow blueriq.security.auth-providers.ldap01.searchSubtree=true # Search user blueriq.security.auth-providers.ldap01.userSearchBase=OU=Gebruikers,DC=everest,DC=nl blueriq.security.auth-providers.ldap01.userSearchAttribute=sAMAccountName # Search group blueriq.security.auth-providers.ldap01.groupSearchBase=OU=Groepen,DC=everest,DC=nl blueriq.security.auth-providers.ldap01.groupSearchFilterAttribute=cn blueriq.security.auth-providers.ldap01.groupSearchFilterPattern=BQ_*, EVE_*,PRO - *,PRO -*
To following fields are not required:
- 'trustStore' , 'keyStorePassword' and 'trustStoreType' (unless useTLS is set to true)
groupSearchFilterPattern (unless groupSearchFilterAttribute is set)
groupSearchFilterAttribute (unless groupSearchFilterPattern is set)
Setting TLS (Transport Layer Security)
UseTLS can be set to true, By doing so, 'trustStore' , 'keyStorePassword' and 'trustStoreType' need to be filled.
- trustStore: The location to the keystore
- keyStorePassword: The password set for the keystore, by default this is 'changeit'
- trustStoreType: what type of key store is used, like: jks, pkcs12
Make sure the keystore has the required certifications which the LDAP server has.
Tooling tips
- Use ADExplore to checkout the LDAP environment
- Use Keystore Explorer to see all the certifications or to create your own keystore and fill it certifications (instead of command line)
Overview
Content Tools