
LDAP Settings

UDMG Admin UI login page with the LDAP provider (screenshot).

Example of a service section in the UDMG Authentication Proxy configuration for LDAP authentication:

[service.ldap]
protocol = "http"
policy = "failover"

[service.ldap.credential]
username = "ldap_sync"
password = "ldap_password"

[[service.ldap.targets]]
hostname = "lb"
port = 8080

[service.ldap.auth.ldap]
file = "udmg-ldap-config.json"

The details of the LDAP server are defined in the JSON file referenced by the file key (udmg-ldap-config.json in this example).

User Provisioning

On successful authentication against the LDAP server, the UDMG user is created in the internal UDMG database with the default read permission if it does not already exist. Otherwise the stored user credentials are updated so that the same user can also authenticate on the REST and CLI interfaces.

Default permissions after the user provisioning (screenshot).


The LDAP replication (the user provisioning described above) requires a UDMG user with permission to create and update users; this is the user configured in the [service.ldap.credential] section of the proxy configuration. For example, to create the 'ldap_sync' user with the command line interface:

udmg-client user add -u ldap_sync -p ldap_password -r 'U=rw'


Anonymous Binding

Example of provider configuration file udmg-ldap-config.json for anonymous binding on the LDAP server:

{
  "host": "ldap:1389",
  "insecureNoSSL": true,
  "usernamePrompt": "Email Address",
  "userSearch": {
    "baseDN": "dc=stonebranch,dc=com",
    "filter": "(objectClass=*)",
    "username": "cn",
    "idAttr": "uidNumber",
    "emailAttr": "uidNumber",
    "nameAttr": "cn"
  },
  "groupSearch": {
    "baseDN": "ou=readers,dc=stonebranch,dc=com",
    "filter": "(objectClass=groupOfNames)",
    "userMatchers": [
      {
        "userAttr": "DN",
        "groupAttr": "member"
      }
    ],
    "nameAttr": "cn"
  }
}

Explicit Binding

Example of provider configuration file udmg-ldap-config.json for explicit binding on the LDAP server:

{
  "host": "ldap:1389",
  "bindDN": "cn=proxy,ou=users,dc=stonebranch,dc=com",
  "bindPW": "proxy_password",
  "insecureNoSSL": true,
  "usernamePrompt": "Email Address",
  "userSearch": {
    "baseDN": "dc=stonebranch,dc=com",
    "filter": "(objectClass=*)",
    "username": "uid",
    "idAttr": "uidNumber",
    "emailAttr": "uidNumber",
    "nameAttr": "cn"
  },
  "groupSearch": {
    "baseDN": "ou=users,dc=stonebranch,dc=com",
    "filter": "(objectClass=groupOfNames)",
    "userMatchers": [
      {
        "userAttr": "DN",
        "groupAttr": "member"
      }
    ],
    "nameAttr": "cn"
  }
}
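As an added example (not from the UDMG documentation or product code), the following Python reads a file in the udmg-ldap-config.json format shown above, tells anonymous binding from explicit binding, and builds the LDAP search filters implied by userSearch and groupSearch. It assumes the proxy combines the keys the way a dex-style LDAP connector does (userSearch.filter ANDed with the username attribute, each userMatcher ANDed with groupSearch.filter); the escaping helper and the configuration checks are the example's own, and they cover both the anonymous and the explicit variant.

```python
import json

# Constructed sample in the udmg-ldap-config.json format (explicit binding, as above)
CONFIG_JSON = """{
  "host": "ldap:1389",
  "bindDN": "cn=proxy,ou=users,dc=stonebranch,dc=com",
  "bindPW": "proxy_password",
  "insecureNoSSL": true,
  "userSearch": {"baseDN": "dc=stonebranch,dc=com", "filter": "(objectClass=*)",
                 "username": "uid", "idAttr": "uidNumber", "emailAttr": "uidNumber", "nameAttr": "cn"},
  "groupSearch": {"baseDN": "ou=users,dc=stonebranch,dc=com", "filter": "(objectClass=groupOfNames)",
                  "userMatchers": [{"userAttr": "DN", "groupAttr": "member"}], "nameAttr": "cn"}
}"""

def load_config(text=CONFIG_JSON):
    return json.loads(text)

def escape_filter_value(value):
    # RFC 4515 escaping, so a login name cannot change the structure of the search filter
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def bind_mode(cfg):
    # bindDN/bindPW present -> explicit binding, otherwise anonymous binding
    return "explicit" if cfg.get("bindDN") else "anonymous"

def user_filter(cfg, login):
    # userSearch.filter ANDed with "<username attribute>=<login>" (assumed connector semantics)
    us = cfg["userSearch"]
    return "(&%s(%s=%s))" % (us["filter"], us["username"], escape_filter_value(login))

def group_filter(cfg, user_entry):
    # each userMatcher becomes "<groupAttr>=<value of userAttr on the user entry>";
    # the special userAttr "DN" refers to the entry's distinguished name
    gs = cfg["groupSearch"]
    clauses = []
    for m in gs["userMatchers"]:
        value = user_entry["dn"] if m["userAttr"].upper() == "DN" else user_entry[m["userAttr"]]
        clauses.append("(%s=%s)" % (m["groupAttr"], escape_filter_value(value)))
    return "(&%s%s)" % (gs["filter"], "".join(clauses))

def config_warnings(cfg):
    # review points to check before deploying the file
    found = []
    if cfg.get("insecureNoSSL"):
        found.append("insecureNoSSL is true: bind password and user passwords cross the network in clear text")
    if bind_mode(cfg) == "anonymous":
        found.append("anonymous binding: the directory must allow unauthenticated search of users and groups")
    return found
```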