Skip to main content
Kinetic Community

Configuring LDAP Support

Overview

The LDAP support uses the internal username and password filter and thus only requires a provider to be configured.

Enabling the Strategy

Add com.kineticdata.core.web.security.strategies.ldap.LdapSecurityStrategy to the security.properties.

Configuring the Space

Here is an example of the rest of the configurable parameters. Add these to space security properties file as well:

security.ldap.enabled=true
security.ldap.context.url=ldap://domaincontroller.acme.com:389
security.ldap.context.baseDN=DC=acme,DC=com
security.ldap.context.bindDN=CN=Administrator,CN=Users,DC=acme,DC=com
security.ldap.context.bindPswd=adminpass1
security.ldap.user_search_base=CN=Users
security.ldap.user_search_filter=(sAMAccountName={0})
security.ldap.group_search_base=CN=Users
security.ldap.group_search_filter=member={0}
# These Attributes are used to map users looked up to the user table.
security.ldap.attributes.email=mail
security.ldap.attributes.displayName=displayName

A quick run down of what these properties are:

  • security.ldap.enabled must be set to true in order for LDAP support to be enabled for the space.
  • security.ldap.context.url is the URL to the LDAP server to execute queries and bind against.
  • security.ldap.context.bindDN is the DN of the account used to query for user information.
  • security.ldap.context.bindPswd is the password of the above account.
  • security.ldap.user_search_base is the base container used for searching for users.
  • security.ldap.user_search_filter is an LDAP filter used to provide criteria to match LDAP objects to usernames.

The next two configuration objects are used to automatically update Kinetic Core's internal object with details from the LDAP directory. The property value is the LDAP attribute to map. Please note that there are additional configurable fields available that are documented in the example file.

How to use SSL with the LDAP bridge
This article describes the steps required to configure how to use SSL with the LDAP bridge including exporting / importing certificates.
Configuring SAML Support
This is a step-by-step guide on configuring SAML authentication support in Kinetic Request CE.
Configuring X509 Certificate Support
Instructions for setting up X509/CAC support for the Kinetic Request CE application.
Kinetic Core Security Configuration
Using Identity and LDAP Groups