Add support for LDAP Active Directory authentication. #20
Multiple LDAP authorization services can be configured, in which case, when
doing HTTP Basic auth and Form login, each enabled LDAP service will be
probed for the authentication credentials in the order they appear in the
configuration, and the first successful authentication will be used.
If no `georchestra.security.ldap.[name].enabled` is `true`, the log-in page won't even show the username/password form inputs, and HTTP Basic authentication won't be enabled.
At application startup, the enabled configurations are validated. The application
will fail to start if there's a validation error.
Each LDAP authentication provider can be one of:
credentials in the form of a list of role names.
internal OpenLDAP database, which enriches the authentication principal
object with additional user identity properties.
credentials in the form of a list of role names.
Here's a sample configuration with three LDAP services. The `ldap.default.*` properties are embedded and match the ones of the `ldap.ldap2` sample config, so it just needs to be enabled in the `<datadirectory>/gateway/security.yaml` file.