LDAP
This section guides you through the configuration of the LDAP authentication provider.
The provider uses the LDAP endpoint to authenticate users and to fetch user and group information.
Authentication Provider
To configure the LDAP authentication provider, you need to provide the following configuration:
```yaml
# inside your values.yaml
ui:
  appConfig:
    # ... other configurations ...
    auth:
      environment: default
      providers:
        simple_ldap:
          default:
            url: ldap://my.ldap.host.com
            bindDN: cn=admin,dc=my-company,dc=com
            bindCredentials: StrongAdminPassword
            searchBase: ou=users,dc=my-company,dc=com
            searchFilter: (uid={{username}})
```
where:
- `url` is the LDAP server URL.
- `bindDN` is the distinguished name of the user that will be used to bind to the LDAP server.
- `bindCredentials` is the password of the user that will be used to bind to the LDAP server.
- `searchBase` is the base DN for the search.
- `searchFilter` is the filter to use when searching for users.
- `environment` defines the name of the environment to enable, as each provider can be configured for different environments; it matches the key under the provider object and defaults to `default` if not provided.
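The `searchFilter` above is a template in which `{{username}}` is replaced by the login name at authentication time. The following added example (not the provider's own code) shows how such a template is rendered safely, assuming the provider treats the substituted value as a literal LDAP assertion value: the value is escaped per RFC 4515 before substitution, and a placeholder with no value is rejected instead of being left in the filter.

```javascript
// Added example, not the provider's code. Renders a searchFilter template such as
// "(uid={{username}})" with RFC 4515-escaped values for each {{name}} placeholder.
// Assumption: the provider substitutes the value as a literal assertion value.

// Escape one assertion value per RFC 4515 section 3. The characters * ( ) \ and NUL
// must be written as backslash + two hex digits; the RFC also allows escaping any
// other byte, so control and non-ASCII UTF-8 bytes are escaped as well.
function escapeFilterValue(value) {
  const bytes = Buffer.from(String(value), 'utf8');
  let out = '';
  for (const b of bytes) {
    const mustEscape = b === 0x2a || b === 0x28 || b === 0x29 || b === 0x5c || b === 0x00;
    if (mustEscape || b < 0x20 || b > 0x7e) {
      out += '\\' + b.toString(16).padStart(2, '0');
    } else {
      out += String.fromCharCode(b);
    }
  }
  return out;
}

// Substitute {{name}} placeholders. A placeholder without a value is an error rather
// than being left in place, so a typo in the template cannot change the search.
function renderSearchFilter(template, values) {
  return template.replace(/\{\{\s*(\w+)\s*\}\}/g, (_, name) => {
    if (!Object.prototype.hasOwnProperty.call(values, name)) {
      throw new Error(`searchFilter placeholder has no value: ${name}`);
    }
    return escapeFilterValue(values[name]);
  });
}

// Constructed sample inputs using the template from the configuration above.
const FILTER_TEMPLATE = '(uid={{username}})';
function demo() {
  return {
    plain: renderSearchFilter(FILTER_TEMPLATE, { username: 'alice' }),
    escaped: renderSearchFilter(FILTER_TEMPLATE, { username: 'ali(ce)*' }),
  };
}
```

The second sample shows that parentheses and wildcards in a submitted name reach the server as escaped bytes, so the filter still matches only the literal `uid` value.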
You can also add `tlsOptions` if you want a secure (ldaps) connection to the LDAP server. The configuration looks like this:
```yaml
# inside your values.yaml
ui:
  appConfig:
    # ... other configurations ...
    auth:
      providers:
        simple_ldap:
          default:
            # ...
            tlsOptions:
              host: my.ldap.host.com
              port: 636
              minDHSize: 1024
              servername: my.ldap.host.com
              timeout: 30000
```
Organization Provider
To configure the LDAP organization provider, you need to provide the following configuration:
```yaml
# inside your values.yaml
ui:
  appConfig:
    # ... other configurations ...
    catalog:
      providers:
        ldapOrg:
          default:
            target: ldap://my.ldap.host.com
            bind:
              dn: cn=admin,dc=my-company,dc=com
              secret: StrongAdminPassword
            users:
              dn: ou=users,dc=my-company,dc=com
              map:
                name: uid
                displayName: displayName
                email: mail
            groups:
              dn: ou=groups,dc=my-company,dc=com
              map:
                name: cn
                displayName: cn
                userMembers: memberUid
            schedule:
              frequency: { hours: 5 }
              timeout: { minutes: 30 }
```
where:
- `target` is the LDAP server URL.
- `bind` is the distinguished name of the user that will be used to bind to the LDAP server, and its password.
- `users` is the base DN for the users search and the mapping of the user properties.
- `groups` is the base DN for the groups search and the mapping of the group properties.
The `schedule` configuration defines the frequency and timeout of the fetching process: `frequency` is the time between two fetches, and `timeout` is the maximum time a fetch may take.