LDAP is a software protocol for enabling anyone to locate data about organizations, individuals and other resources such as files and devices in a network. LDAP is a "lightweight" version of Directory Access Protocol (DAP), which is part of X.500, a standard for directory services in a network. LDAP is considered lightweight because it uses a smaller amount of code than other protocols.
A directory tells the user where in the network something is located. On TCP/IP networks -- including the internet -- the domain name system (DNS) is the directory system used to relate the domain name to a specific network address, which is a unique location on the network. However, the user may not know the domain name. LDAP allows a user to search for an individual without knowing where they're located, although additional information will help with the search.
Url
URL of your LDAP server. Must include the protocol and any non-default port. E.g. ldap://my.server or ldaps://my.server:1234
Search Base
DN of a group (OU) in your LDAP directory. Only users within this group or any of its sub-groups can log in. Example: OU=Users,OU=apiida.com,DC=ad,DC=apiida,DC=com
Technical User
Full DN of a user with read (ideally: read-only) access on the LDAP directory. Tip: On Windows you can run 'whoami /fqdn' to get the DN of the current user. Example: CN=John Doe,OU=Users,OU=apiida.com,DC=ad,DC=apiida,DC=com
Technical User Password
User Name Attribute
Attribute of user entries that is used for login. This determines what your users will use as their username in the API Control Plane. Examples are mail, sAMAccountName, userPrincipalName.
Display Name Attribute (optional)
User entry attribute that will be used to obtain the user's display name. If not specified, this is the same as the user name attribute. Examples are cn, name, displayName.
Email Attribute (optional)
User entry attribute that (if present) will be used to obtain the user's email address. In most cases, this attribute is named mail.
User Group (optional)
If specified, in addition to being located under the search base, regular users must also be a member of a group (OU) with this exact name. Alternatively, users can be members of the admin group, if that is specified.
Admin Group (optional)
If specified, any user (under the search base) that is also part of a group (OU) with this exact name will be logged in with the global admin role.
Server Certificate (optional)
If you are using ldaps with a self-signed certificate, you can enter that certificate here in PEM format. The certificate must have been issued for the hostname used in the URL.
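A pre-flight check for the settings above, as an added example that is not part of the API Control Plane or its documentation. The dictionary keys and function names are hypothetical, and the filter builder assumes the login lookup is an equality match on the User Name Attribute, which the page does not show.

```python
import re
from urllib.parse import urlsplit

# RFC 4515: characters that must be escaped inside a filter value
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
_ATTR = re.compile(r"^[A-Za-z][A-Za-z0-9-]*$")
# Loose DN shape check: comma-separated type=value pairs (escaped commas not handled)
_RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^,=]+$")


def looks_like_dn(value):
    """True if value has the shape of a DN such as OU=Users,DC=ad,DC=example."""
    return bool(value) and all(_RDN.match(p.strip()) for p in value.split(","))


def user_filter(attr, username):
    """Equality filter for a login name, with the value escaped per RFC 4515."""
    if not _ATTR.match(attr):
        raise ValueError(f"invalid attribute name: {attr!r}")
    escaped = "".join(_ESCAPES.get(ch, ch) for ch in username)
    return f"({attr}={escaped})"


def check_settings(cfg):
    """Return a list of problems in a settings dict (hypothetical keys); empty means OK."""
    problems = []
    url = urlsplit(cfg.get("url", ""))
    if url.scheme not in ("ldap", "ldaps") or not url.hostname:
        problems.append("url: must start with ldap:// or ldaps:// and name a host")
    elif url.scheme == "ldap":
        problems.append("url: ldap:// is not encrypted; prefer ldaps://")
    for key in ("search_base", "technical_user"):
        if not looks_like_dn(cfg.get(key, "")):
            problems.append(f"{key}: does not look like a full DN")
    cert = cfg.get("server_certificate", "")
    if cert and url.scheme != "ldaps":
        problems.append("server_certificate: set, but url is not ldaps://")
    if cert and "-----BEGIN CERTIFICATE-----" not in cert:
        problems.append("server_certificate: not in PEM format")
    return problems


# Sample settings built from the example values on this page
SAMPLE = {
    "url": "ldaps://my.server:1234",
    "search_base": "OU=Users,OU=apiida.com,DC=ad,DC=apiida,DC=com",
    "technical_user": "CN=John Doe,OU=Users,OU=apiida.com,DC=ad,DC=apiida,DC=com",
}
if __name__ == "__main__":
    print(check_settings(SAMPLE) or "settings look consistent")
    print(user_filter("sAMAccountName", "jdoe"))
```

The DN check is deliberately loose and rejects values containing escaped commas, so treat a failure there as a prompt to re-check the value rather than as proof it is wrong.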