LDAP
KADAI demonstrates LDAP usage in its example module kadai-rest-spring-example-boot.
If you do not create an LdapContextSource bean, KADAI will create one for you using the parameters
specified on this documentation page.
If you want to create your own LdapContextSource bean to be used by KADAI, qualify it with the constant io.kadai.common.rest.ldap.KADAI_LDAP_CONTEXT_SOURCE.
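The following is an added example (not code from KADAI or its example module) of supplying your own LdapContextSource under the qualifier KADAI looks for. It assumes the constant KADAI_LDAP_CONTEXT_SOURCE is statically imported from the class that defines it in io.kadai.common.rest.ldap (the page names the constant, not its defining class), and that the bind password is supplied through an environment variable KADAI_LDAP_BIND_PASSWORD instead of being written into application.properties.

```java
// Added example: a custom LdapContextSource bean for KADAI.
// Assumptions: the package name, the environment variable KADAI_LDAP_BIND_PASSWORD
// and the defining class of KADAI_LDAP_CONTEXT_SOURCE are not taken from the page.
package com.example.kadai.ldap; // hypothetical package

import static io.kadai.common.rest.ldap.<DefiningClass>.KADAI_LDAP_CONTEXT_SOURCE; // placeholder: replace <DefiningClass>

import java.net.URI;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.ldap.core.support.LdapContextSource;

@Configuration
public class CustomLdapContextSourceConfig {

  @Bean
  @Qualifier(KADAI_LDAP_CONTEXT_SOURCE) // KADAI picks this bean up instead of creating its own
  public LdapContextSource kadaiLdapContextSource(
      @Value("${kadai.ldap.serverUrl}") String serverUrl,
      @Value("${kadai.ldap.baseDn}") String baseDn,
      @Value("${kadai.ldap.bindDn}") String bindDn,
      // Assumption: password comes from the environment, not from the properties file,
      // so the bind credential is not checked in next to the rest of the configuration.
      @Value("${KADAI_LDAP_BIND_PASSWORD}") String bindPassword) {

    // The bind dn and password travel over this connection. Allow plain ldap://
    // only for a local test server (the sample value on this page); anything else
    // must use ldaps:// so the credential is not sent in the clear.
    URI uri = URI.create(serverUrl);
    boolean loopback = "localhost".equals(uri.getHost()) || "127.0.0.1".equals(uri.getHost());
    if (!"ldaps".equals(uri.getScheme()) && !loopback) {
      throw new IllegalStateException(
          "kadai.ldap.serverUrl must use ldaps:// for non-local servers, got: " + serverUrl);
    }

    LdapContextSource contextSource = new LdapContextSource();
    contextSource.setUrl(serverUrl);
    contextSource.setBase(baseDn);        // kadai.ldap.baseDn, e.g. ou=Test,O=KADAI
    contextSource.setUserDn(bindDn);      // kadai.ldap.bindDn, e.g. uid=admin
    contextSource.setPassword(bindPassword);
    // Spring calls afterPropertiesSet() on the bean, which validates the settings.
    return contextSource;
  }
}
```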
To configure LDAP for usage with KADAI, you need an .ldif file. Additionally, you need to configure LDAP in the application.properties file using the following parameters:
Parameter | Description | Sample Value |
---|---|---|
kadai.ldap.serverUrl | The URL of the ldap server used by KADAI. | ldap://localhost:10389 |
kadai.ldap.bindDn | The bind dn when connecting. | uid=admin |
kadai.ldap.bindPassword | The password for connecting with the bind dn. | secret |
kadai.ldap.baseDn | The base dn of the ldap server. | ou=Test,O=KADAI |
kadai.ldap.userSearchBase | The search root for users. | cn=users |
kadai.ldap.userSearchFilterName | Name of the attribute for filtering users. | objectclass |
kadai.ldap.userSearchFilterValue | Value of the attribute for filtering users. | person |
kadai.ldap.userFirstnameAttribute | Name of the attribute that is used to specify the first name of the user. | givenName |
kadai.ldap.userLastnameAttribute | Name of the attribute that is used to specify the last name of the user. | sn |
kadai.ldap.userFullnameAttribute | Name of the attribute that is used to specify the full name of the user. | cn |
kadai.ldap.userPhoneAttribute | Name of the attribute that is used to specify the phone of the user. | phoneNumber |
kadai.ldap.userMobilePhoneAttribute | Name of the attribute that is used to specify the mobile phone of the user. | mobileNumber |
kadai.ldap.userEmailAttribute | Name of the attribute that is used to specify the email of the user. | |
kadai.ldap.userOrglevel1Attribute | Name of the attribute that is used to specify the first organization level of the user. | orgLevel1 |
kadai.ldap.userOrglevel2Attribute | Name of the attribute that is used to specify the second organization level of the user. | orgLevel2 |
kadai.ldap.userOrglevel3Attribute | Name of the attribute that is used to specify the third organization level of the user. | orgLevel3 |
kadai.ldap.userOrglevel4Attribute | Name of the attribute that is used to specify the fourth organization level of the user. | orgLevel4 |
kadai.ldap.userIdAttribute | Name of the attribute that is used to specify the id of the user. | uid |
kadai.ldap.userMemberOfGroupAttribute | Name of the attribute that is used to specify groups of the user. | memberOf |
kadai.ldap.groupSearchBase | The search root for groups. | |
kadai.ldap.groupSearchFilterName | Name of the attribute for filtering groups. | objectclass |
kadai.ldap.groupSearchFilterValue | Value of the attribute for filtering groups. | groupOfUniqueNames |
kadai.ldap.groupNameAttribute | Name of the attribute that is used to specify the name of the group. | cn |
kadai.ldap.groupIdAttribute | Name of the attribute that is used to specify the access id of the group in the ldif file. If it's empty, then the groupNameAttribute or the dn will be used as access id, depending on your configuration. | gid |
kadai.ldap.minSearchForLength (optional) | | 3 |
kadai.ldap.maxNumberOfReturnedAccessIds (optional) | | 50 |
kadai.ldap.groupsOfUser (optional) | Deprecated: Please use kadai.ldap.groupsOfUser.name instead. | uniquemember |
kadai.ldap.groupsOfUser.name (optional) | Name of the attribute in a group object, which specifies the member of the group. | uniquemember |
kadai.ldap.groupsOfUser.type (optional) | Type of the attribute in a group object, which specifies the member of the group. If you specify "dn" as the type, KADAI assumes that this field contains exactly the full dn of the member. The value of this field should be either "dn" or empty. | dn |
kadai.ldap.permissionSearchBase (optional) | The search root for permissions. | |
kadai.ldap.permissionSearchFilterName (optional) | Name of the attribute for filtering permissions. | objectclass |
kadai.ldap.permissionSearchFilterValue (optional) | Value of the attribute for filtering permissions. | groupOfUniqueNames |
kadai.ldap.permissionNameAttribute (optional) | Name of the attribute that sets the name of the permission when defining a permission. | permission |
kadai.ldap.permissionIdAttribute | Name of the attribute that is used to specify the access id of the permission in the ldif file. If it's empty, then the permissionNameAttribute or the dn will be used as access id, depending on your configuration. | gid |
kadai.ldap.permissionsOfUser (optional) | Deprecated: Please use kadai.ldap.permissionsOfUser.name instead. | uniquemember |
kadai.ldap.permissionsOfUser.name (optional) | Name of the attribute in a permission object, which specifies the member of the permission. | uniquemember |
kadai.ldap.permissionsOfUser.type (optional) | Type of the attribute in a permission object, which specifies the member of the permission. If you specify "dn" as the type, KADAI assumes that this field contains exactly the full dn of the member. The value of this field should be either "dn" or empty. | dn |
kadai.ldap.userPermissionsAttribute (optional) | Name of the attribute that lists the permissions when defining a user. It is not required yet, as it is enough to list the user when defining the permission. | permission |
kadai.ldap.useDnForGroups | True if the dn is to be used as the access id for groups, false otherwise. | true |