You are viewing the documentation for Blueriq 17. Documentation for other versions is available in our documentation directory.
Defining an LDAP authentication provider
In the application.properties file two properties are expected for an LDAP authentication provider:
application.properties
# connection blueriq.security.auth-providers.ldap01.url=ldap://something.company.nl blueriq.security.auth-providers.ldap01.userDn=cn=LDAP reader,ou=Systeembeheer,dc=everest,dc=nl blueriq.security.auth-providers.ldap01.password=<encryptedvalue_password> blueriq.security.auth-providers.ldap01.useTLS=true # Connection protection (if useTLS is true) blueriq.security.auth-providers.ldap01.tls.trustStore=D:/location/to/your/certifactions.jks blueriq.security.auth-providers.ldap01.tls.keyStorePassword=changeit blueriq.security.auth-providers.ldap01.tls.trustStoreType=jks # search blueriq.security.auth-providers.ldap01.referral=follow blueriq.security.auth-providers.ldap01.searchSubtree=true blueriq.security.auth-providers.ldap01.userSearchBase=OU=Gebruikers,DC=everest,DC=nl blueriq.security.auth-providers.ldap01.userSearchAttribute=sAMAccountName blueriq.security.auth-providers.ldap01.groupSearchBase=OU=Groepen,DC=everest,DC=nl
All fields are required except for 'useTLS'. If useTLS is set to true, also the 'trustStore' , 'keyStorePassword' and 'trustStoreType' are required
Setting TLS (Transport Layer Security)
UseTLS can be set to true, By doing so, 'trustStore' , 'keyStorePassword' and 'trustStoreType' need to be filled.
- trustStore: The location to the keystore
- keyStorePassword: The password set for the keystore, by default this is 'changeit'
- trustStoreType: what type of key store is used, like: jks, pkcs12
Make sure the keystore has the required certifications which the LDAP server has.
Tooling tips
- Use ADExplore to checkout the LDAP environment
- Use Keystore Explorer to see all the certifications or to create your own keystore and fill it certifications (instead of command line)
Overview
Content Tools