...

Overview

The LDAP (Lightweight Directory Access Protocol

...

A directory tells the user where in the network something is located. On TCP/IP networks -- including the internet -- the domain name system (DNS) is the directory system used to relate the domain name to a specific network address, which is a unique location on the network. However, the user may not know the domain name. LDAP allows a user to search for an individual without knowing where they're located, although additional information will help with the search.

...

Url

  • URL of your LDAP server. Must include the protocol and any non-default port. E.g. ldap://my.server or ldaps://my.server:1234

...

Search Base

  • DN of some group (OU) in your LDAP. Only users within this group or any of its sub-groups can log in. Example: OU=Users,OU=apiida.com,DC=ad,DC=apiida,DC=com

...

Technical User

  • Full DN of a user with read (ideally: read-only) access on the LDAP. Tip: On Windows you can run 'whoami /fqdn' to get the DN of the current user. Example: CN=John Doe,OU=Users,OU=apiida.com,DC=ad,DC=apiida,DC=com

...

Technical User Password

...

User Name Attribute

  • Attribute of user entries that is used for login. This determines what your users will use as username in the API Control Plane. Examples are mail, sAMAccountName, userPrincipalName.

...

Display Name Attribute (optional)

  • User entry attribute that will be used to obtain the user's display name. If not specified, this is the same as user name attribute. Examples are cn, name, displayName.

...

Email Attribute (optional)

  • User entry attribute that (if present) will be used to obtain the user's email address. In most cases, this attribute is named mail.

...

User Group (optional)

  • If specified, in addition to being located under search base, regular users must also be a member of a group (OU) with this exact name. Alternatively, users can be members of the admin group, if that is specified.

...

Admin Group (optional)

  • If specified, any user (under search base) that is also part of a group (OU) with this exact name will be logged in with the global admin role.

Server Certificate (optional)

...

The LDAP (Lightweight Directory Access Protocol) Configuration page in the API Control Plane is where administrators can set up and manage LDAP integration for user authentication and directory services. This setup allows the platform to authenticate users against an LDAP directory such as Active Directory, OpenLDAP, or other LDAP-compliant directories.


Layout and Functionalities

A toggle switch allows for quick enablement or disablement of LDAP integration. In the form below, all relevant subjects can be specified.

The form includes fields for:

  • "Url": Where the LDAP server's URL is specified, indicating where the API platform should direct its authentication requests.

  • "Search Base": Denoting the starting point within the LDAP directory from where to begin the search for user entries.

  • "Technical User": A distinguished name (DN) of a user with permissions to carry out actions in the LDAP directory, perhaps used for querying user data.

  • "Technical User Password": A password field, obfuscated for security, corresponding to the technical user.

  • "User Name Attribute": The attribute used to log in or identify the user within the LDAP directory, which is typically 'userPrincipalName'.

  • "Display Name Attribute (optional)": If provided, this attribute would specify how user names are displayed within the platform.

  • "Email Attribute (optional)": An attribute for the user's email, which might be used for notifications or integration with other services.

  • "User Group (optional)": To designate a particular user group from LDAP for special privileges or restrictions within the API management platform.

  • "Admin Group (optional)": To define an LDAP group whose members are granted administrative privileges on the platform.

  • "Server Certificate (optional)": Add the LDAP server's SSL certificate to enable secure communications.
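A pre-save review of these form values, as an added example that is not part of the API Control Plane or its documentation: it flags an unencrypted Url, non-DN values for Search Base and Technical User, and identical User Group and Admin Group, and shows RFC 4515 escaping of a login name. The dictionary key names are hypothetical, and the `(attribute=login name)` lookup filter is an assumption about how such a login is resolved, which the page does not state.

```python
import re
from urllib.parse import urlsplit

# RFC 4515 section 3: characters that must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
_ATTR = r"[A-Za-z][A-Za-z0-9-]*"
_VALUE = r"(?:\\.|[^,\\])+"
# Loose DN shape check (attr=value pairs, escaped commas allowed); not a full RFC 4514 parser.
_DN_RE = re.compile(rf"^{_ATTR}={_VALUE}(?:,{_ATTR}={_VALUE})*$")


def escape_filter_value(value):
    """Neutralise filter metacharacters in a login name typed by a user."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def login_filter(user_name_attribute, login_name):
    """Build an (attribute=value) filter (assumed lookup shape, not stated by the page)."""
    if not re.fullmatch(_ATTR, user_name_attribute):
        raise ValueError("User Name Attribute is not a plain attribute name")
    return f"({user_name_attribute}={escape_filter_value(login_name)})"


def review_config(cfg):
    """Return findings for a dict of form values (key names are hypothetical)."""
    findings = []
    url = urlsplit(cfg.get("url", ""))
    if url.scheme not in ("ldap", "ldaps") or not url.hostname:
        findings.append("url: needs ldap:// or ldaps:// and a host")
    elif url.scheme == "ldap":
        findings.append("url: ldap:// is unencrypted unless StartTLS is used")
    for key in ("search_base", "technical_user"):
        if not _DN_RE.match(cfg.get(key, "")):
            findings.append(f"{key}: not a full DN")
    admin, users = cfg.get("admin_group"), cfg.get("user_group")
    if admin and admin == users:
        findings.append("admin_group: same as user_group, every user becomes admin")
    return findings


# Constructed sample values, modelled on the examples in the field descriptions.
SAMPLE = {
    "url": "ldap://my.server",
    "search_base": "OU=Users,OU=apiida.com,DC=ad,DC=apiida,DC=com",
    "technical_user": "John Doe",
    "user_group": "staff",
    "admin_group": "staff",
}
```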
