by Ramkumar Chandrasekeran, Software Engineer - Microsoft R Tiger Team
By default, the LDAP security provider is disabled. To enable LDAP authentication support, you must update the relevant properties in your DeployR external configuration file. The values you assign to these properties should match the configuration of your LDAP Directory Information Tree (DIT).
- For LDAP, set grails.plugin.springsecurity.ldap.context.server to the LDAP server URL, such as 'ldap://localhost:389/'.
- For LDAPS, set grails.plugin.springsecurity.ldap.context.server to the LDAP-S server URL, such as 'ldaps://localhost:636/'.
```groovy
/*
 * DeployR LDAP Authentication Configuration Properties
 *
 * To enable LDAP authentication uncomment the following properties and
 * set grails.plugin.springsecurity.ldap.active=true and
 * provide property values matching your LDAP DIT:
 */

grails.plugin.springsecurity.ldap.active=false

/*
grails.plugin.springsecurity.ldap.context.managerDn = 'dc=example,dc=com'
grails.plugin.springsecurity.ldap.context.managerPassword = 'secret'

// LDAP
// grails.plugin.springsecurity.ldap.context.server = 'ldap://localhost:389/'
// LDAPS
grails.plugin.springsecurity.ldap.context.server = 'ldaps://localhost:636/'

grails.plugin.springsecurity.ldap.context.anonymousReadOnly = true
grails.plugin.springsecurity.ldap.search.base = 'ou=people,dc=example,dc=com'
grails.plugin.springsecurity.ldap.search.searchSubtree = true
grails.plugin.springsecurity.ldap.authorities.groupSearchFilter = 'member={0}'
grails.plugin.springsecurity.ldap.authorities.retrieveGroupRoles = true
grails.plugin.springsecurity.ldap.authorities.groupSearchBase = 'ou=group,dc=example,dc=com'
grails.plugin.springsecurity.ldap.authorities.defaultRole = "ROLE_BASIC_USER"

// Optionally, specify LDAP password encryption algorithm: MD5, SHA-256
// grails.plugin.springsecurity.password.algorithm = 'xxx'

// deployr.security.ldap.user.properties.map
// Allows you to map LDAP user property names to DeployR user property names:
deployr.security.ldap.user.properties.map = ['displayName':'cn', 'email':'mail', 'uid' : 'uidNumber', 'gid' : 'gidNumber']

// deployr.security.ldap.roles.map property
// Allows you to map between LDAP group names to DeployR role names.
// NOTE, while LDAP group names can be defined on the LDAP server using
// any mix of upper and lower case, such as finance, Finance or FINANCE,
// the LDAP group names that appear in the map must be prefixed with ROLE_
// and be capitalized. For example, an LDAP group named "finance" should
// appear in the map as ROLE_FINANCE. DeployR role names must
// begin with ROLE_ and must always be upper case.
deployr.security.ldap.roles.map = ['ROLE_FINANCE':'ROLE_BASIC_USER', 'ROLE_ENGINEERING':'ROLE_POWER_USER']
*/
```
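A pre-deployment check for the properties above, as an added example that is not part of DeployR or of the original post: it reads only the uncommented assignments and flags a plain ldap:// server URL, the template manager password, MD5 as the password algorithm, and role-map names that break the ROLE_ upper-case rule. The function names and the sample configuration are constructed for illustration, and the parser assumes one assignment per line.

```python
import re

PREFIX = "grails.plugin.springsecurity."

def active_properties(text):
    """Return {key: raw value} for assignments that are not commented out.
    Assumes one assignment per line, as in the page's template."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)  # drop /* ... */ blocks
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("//"):  # whole-line comments only,
            continue                           # so 'ldap://' URLs survive
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit(text):
    """Return findings for an LDAP-enabled DeployR configuration."""
    p = active_properties(text)
    unquote = lambda key: p.get(key, "").strip("'\"")
    if p.get(PREFIX + "ldap.active") != "true":
        return ["LDAP provider is disabled (the default)"]
    findings = []
    if unquote(PREFIX + "ldap.context.server").startswith("ldap://"):
        findings.append("context.server is plain ldap://; the LDAPS form is ldaps://host:636/")
    if unquote(PREFIX + "ldap.context.managerPassword") == "secret":
        findings.append("managerPassword is still the template value")
    if unquote(PREFIX + "password.algorithm").upper() == "MD5":
        findings.append("password.algorithm is MD5; SHA-256 is the other listed option")
    roles = p.get("deployr.security.ldap.roles.map", "")
    for name in re.findall(r"['\"]([^'\"]+)['\"]", roles):
        if not (name.startswith("ROLE_") and name == name.upper()):
            findings.append(f"roles.map name {name!r} must be upper-case ROLE_*")
    return findings

# Constructed sample: the page's template, enabled, with three mistakes.
SAMPLE = """
grails.plugin.springsecurity.ldap.active=true
grails.plugin.springsecurity.ldap.context.managerPassword = 'secret'
// grails.plugin.springsecurity.ldap.context.server = 'ldaps://localhost:636/'
grails.plugin.springsecurity.ldap.context.server = 'ldap://localhost:389/'
deployr.security.ldap.roles.map = ['finance':'ROLE_BASIC_USER', 'ROLE_ENGINEERING':'ROLE_POWER_USER']
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("-", finding)
```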
For more information, see the complete list of LDAP configuration properties.