If all these are fixed, you might want to document how to use Active Directory with the LDAP plug-in.
#10110 - setRecursive
#10258 - same LDAP query multiple times
#10259 - config can differ between dev and prod
#10264 - group to role mapping
#10267 - cache LDAP results
Here is an example for application.properties:
```properties
quarkus.security.ldap.enabled=true
quarkus.security.ldap.realm-name=somename
quarkus.security.ldap.direct-verification=true
# Use a tool such as dsquery or adexplorer to find out how your DNs are organized
quarkus.security.ldap.dir-context.principal=CN=Some_account,OU=Services,OU=Accounts,OU=MainOffice,OU=Departments,DC=example,DC=com
# Choose ldap:// or ldaps:// and choose the port number based on normal (389/636) or global catalog (3268/3269)
quarkus.security.ldap.dir-context.url=ldap://activedirectoryserver.example.com:3268
quarkus.security.ldap.dir-context.password=Password for Some_account
# I only tested sAMAccountName, but userPrincipalName might also be a good choice
quarkus.security.ldap.identity-mapping.rdn-identifier=sAMAccountName
# The deepest OU shared by all employees
quarkus.security.ldap.identity-mapping.search-base-dn=OU=Departments,DC=example,DC=com
# Map the common name of each group returned by the filter to the 'groups' attribute
quarkus.security.ldap.identity-mapping.attribute-mappings."0".from=cn
quarkus.security.ldap.identity-mapping.attribute-mappings."0".to=groups
# This filter searches for all groups that have your DN as member.
# Most important is (member:1.2.840.113556.1.4.1941:={1})
# which returns all groups (recursively, via LDAP_MATCHING_RULE_IN_CHAIN) that have the user DN {1} as member.
# As this might be extremely slow, we AND it with the list of groups that are of interest for this application
quarkus.security.ldap.identity-mapping.attribute-mappings."0".filter=(&(|(CN=GROUP1)(CN=GROUP2)(CN=more groups as needed here))(member:1.2.840.113556.1.4.1941:={1}))
# The deepest OU shared by all security groups
quarkus.security.ldap.identity-mapping.attribute-mappings."0".filter-base-dn=OU=Departments,DC=example,DC=com
# Now you'll need a mechanism to map groups to roles, which does not exist in Quarkus today.
# Check https://github.com/quarkusio/quarkus/issues/10264 for the correct syntax
quarkus.security.grouptorole.GROUP1=user
quarkus.security.grouptorole.GROUP2=user,admin
```
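Added example, not code from the issue or from Quarkus/Elytron: a small Python helper that builds the recursive-membership filter used above with the CN allow-list ANDed to the membership test and every value escaped per RFC 4515, checks that the parentheses balance, and applies the proposed `quarkus.security.grouptorole.*` mapping. It substitutes the user DN itself for illustration (in the real configuration Elytron fills in `{1}`); the group names, DN and property text are constructed samples.

```python
import re

# Active Directory's LDAP_MATCHING_RULE_IN_CHAIN OID, as used in the issue's filter.
MATCHING_RULE_IN_CHAIN = "1.2.840.113556.1.4.1941"

# Constructed sample of the proposed grouptorole properties from the issue.
SAMPLE_PROPERTIES = """
quarkus.security.grouptorole.GROUP1=user
quarkus.security.grouptorole.GROUP2=user,admin
"""


def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515, section 3)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def build_group_filter(group_cns, user_dn):
    """Return (&(|(CN=g1)(CN=g2)...)(member:<rule>:=<userDN>)): the CN allow-list
    is ANDed with the recursive membership test, so only groups of interest match."""
    if not group_cns:
        raise ValueError("at least one group CN is required")
    cn_or = "".join(f"(CN={escape_filter_value(cn)})" for cn in group_cns)
    member = f"(member:{MATCHING_RULE_IN_CHAIN}:={escape_filter_value(user_dn)})"
    return f"(&(|{cn_or}){member})"


def filter_is_balanced(ldap_filter):
    """Cheap sanity check before deploying a hand-written filter: parentheses balance."""
    depth = 0
    for c in ldap_filter:
        depth += (c == "(") - (c == ")")
        if depth < 0:
            return False
    return depth == 0


def parse_group_to_role(properties_text):
    """Parse quarkus.security.grouptorole.<GROUP>=<role>[,<role>...] lines into a dict."""
    mapping = {}
    pattern = re.compile(r"^quarkus\.security\.grouptorole\.([^=]+)=(.*)$")
    for line in properties_text.splitlines():
        m = pattern.match(line.strip())
        if m:
            mapping[m.group(1).strip()] = [r.strip() for r in m.group(2).split(",") if r.strip()]
    return mapping


def roles_for(groups, mapping):
    """Union of the roles mapped to each group the LDAP lookup resolved; unmapped groups grant nothing."""
    roles = set()
    for g in groups:
        roles.update(mapping.get(g, ()))
    return sorted(roles)
```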