Authentication Tools
Child pages
  • org.clazzes.login.ldap

Versions Compared

Old Version 7

changes.mady.by.user Wolfgang Glas

Saved on

compared with

New Version Current

changes.mady.by.user Christoph Lechleitner

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: moved to the Atlassian cloud

Functionality

...

This page has been moved to the Atlassian cloud

This page can now be found at: https://clazzes.atlassian.net/l/c/HCvtdui8

--

Functionality


The LDAP login service authenticates against users in an ADS domain or against users in an LDAP server configured for an individual domain.

...

 
Key
Default Value
Description
defaultDomain
The domain to use for principals, which do not contain a domain.
domain.<domain>.controllerUri 
The server to contact. Supported URL schemes: ldap, ldaps, ads. See below
domain.<domain>.authMethodsearchAndBindThe method for authenticating a user. Supported methods: searchAndBind, bindAds.
domain.<domain>.bindUser 
The DN used for binding before searching something in the domain <domain>. For tryLogin() this applies only to the authMethod searchAndBind.
domain.<domain>.bindPassword 
The password used for binding searching something in the domain <domain>. For tryLogin() this applies only to the authMethod searchAndBind.
domain.<domain>.userAttributesamAccountNameThe LDAP attribute to use for finding a given user name.
domain.<domain>.prettyNameAttributecnThe LDAP attribute to try to use as pretty name for users and groups.
domain.<domain>.eMailAddressAttributemailThe LDAP attribute to try to use as primary e-mail address for users.
domain.<domain>.mobileAttribute
The LDAP attribute to try to use as mobile phone number for users. This number is used to send ephemerals OTP for two-factor-authentication to the user. If this option is activated, two-factor signons are mandatory for this domain. Usually, this option is configured to the value mobile in order to activate ephemeral OTP two-factor-authentication.
domain.<domain>.tokenIdsAttribute
The LDAP attribute to try to use as a space separated list of 12-character YubiKey token IDs (like cccccceiiuch) for users. These token IDs are used to check token OTPs for two-factor-authentication to the user. If this option is activated, two-factor signons are mandatory for this domain. Usually, this option is configured to the value pager in order to activate token-based OTP two-factor-authentication.

...

<groupId>org.clazzes.login</groupId>
<artifactId>ldap-login-service</artifactId>

...