This page has been moved to the Atlassian cloud
This page can now be found at: https://clazzes.atlassian.net/l/c/HCvtdui8
--
Functionality
The LDAP login service authenticates against users in an ADS domain or against users in an LDAP server configured for an individual domain.
...
Key | Default Value | Description
---|---|---
defaultDomain | | The domain to use for principals that do not contain a domain.
domain.<domain>.controllerUri | | The server to contact. Supported URL schemes: ldap, ldaps, ads. See below.
domain.<domain>.authMethod | searchAndBind | The method for authenticating a user. Supported methods: searchAndBind, bindAds.
domain.<domain>.bindUser | | The DN used for binding before searching something in the domain <domain>. For tryLogin() this applies only to the authMethod searchAndBind.
domain.<domain>.bindPassword | | The password used for binding before searching something in the domain <domain>. For tryLogin() this applies only to the authMethod searchAndBind.
domain.<domain>.userAttribute | samAccountName | The LDAP attribute to use for finding a given user name.
domain.<domain>.prettyNameAttribute | cn | The LDAP attribute to try to use as pretty name for users and groups.
domain.<domain>.eMailAddressAttribute | mail | The LDAP attribute to try to use as primary e-mail address for users.
domain.<domain>.mobileAttribute | | The LDAP attribute to try to use as mobile phone number for users. This number is used to send ephemeral OTPs for two-factor authentication to the user. If this option is activated, two-factor signons are mandatory for this domain. Usually, this option is set to the value mobile in order to activate ephemeral OTP two-factor authentication.
domain.<domain>.tokenIdsAttribute | | The LDAP attribute to try to use as a space-separated list of 12-character YubiKey token IDs (like cccccceiiuch) for users. These token IDs are used to check token OTPs for two-factor authentication of the user. If this option is activated, two-factor signons are mandatory for this domain. Usually, this option is set to the value pager in order to activate token-based OTP two-factor authentication.
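
A lint pass over the keys in the table above, as an added example that is not part of the ldap-login-service project: it flags domains on the plain ldap scheme, unsupported schemes or methods, and domains with neither second-factor attribute set. The dict input, the domain names, hosts and DN are constructed, and treating dotted domain names and a missing search bind user the way the code does is an assumption.

```python
from urllib.parse import urlparse

SUPPORTED_SCHEMES = {"ldap", "ldaps", "ads"}      # schemes listed in the table
SUPPORTED_METHODS = {"searchAndBind", "bindAds"}  # methods listed in the table

# Constructed sample settings; hosts, DN and password are placeholders.
SAMPLE = {
    "defaultDomain": "CORP",
    "domain.CORP.controllerUri": "ldap://dc1.corp.example.test",
    "domain.CORP.bindUser": "cn=svc-login,ou=service,dc=corp,dc=example,dc=test",
    "domain.CORP.bindPassword": "<placeholder>",
    "domain.LAB.controllerUri": "ldaps://ldap.lab.example.test",
    "domain.LAB.authMethod": "bindAds",
    "domain.LAB.tokenIdsAttribute": "pager",
}

def lint_domains(cfg):
    """Return {domain: [finding, ...]} for a dict holding the documented keys."""
    domains = {}
    for key, value in cfg.items():
        parts = key.split(".")
        if len(parts) >= 3 and parts[0] == "domain":
            # Assumption: the last dotted part is the option, the rest the domain.
            domains.setdefault(".".join(parts[1:-1]), {})[parts[-1]] = value
    findings = {}
    for name, opts in domains.items():
        out = []
        uri = opts.get("controllerUri")
        scheme = urlparse(uri).scheme if uri else ""
        method = opts.get("authMethod", "searchAndBind")  # documented default
        if not uri:
            out.append("controllerUri missing")
        elif scheme not in SUPPORTED_SCHEMES:
            out.append("unsupported URL scheme: " + scheme)
        elif scheme == "ldap":
            out.append("ldap scheme: use ldaps unless the link is otherwise protected")
        if method not in SUPPORTED_METHODS:
            out.append("unsupported authMethod: " + method)
        elif method == "searchAndBind" and not (opts.get("bindUser") and opts.get("bindPassword")):
            out.append("searchAndBind has no bindUser/bindPassword for the search step")
        if not (opts.get("mobileAttribute") or opts.get("tokenIdsAttribute")):
            out.append("no second factor: mobileAttribute and tokenIdsAttribute unset")
        findings[name] = out
    default = cfg.get("defaultDomain")
    if default and default not in domains:
        findings.setdefault(default, []).append("defaultDomain has no domain.* settings")
    return findings
```

Calling `lint_domains(SAMPLE)` reports two findings for CORP (ldap scheme, no second factor) and none for LAB.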
...
<groupId>org.clazzes.login</groupId>
<artifactId>ldap-login-service</artifactId>
...