Documentation

Validator: LDAP

The LDAP validator allows you to authenticate a user using the Lightweight Directory Access Protocol v3.

Parameters

Parameter Description

server

Name of the host providing the LDAP service.

port

Optional. Port number of the LDAP service. Default: 389.

binddn

Optional. Bind Distinguished Name (user). If none is provided an anonymous bind will be attempted.

bindpw

Bind Password (password).

basedn

Base Distinguished Name.

filter

A filter that defines the conditions that must be fulfilled in order for the search to match a given entry. Use ${user} in a filter as a substitution to match the identifier inputted by a user accessing the resource. The filter must resolve to a single user object. For LDAP filter syntax, refer to RFC 2254.

tls

Optional. Enable the use of TLS based integrity. Defaults to 0.

ca_file

Optional. It’s the CA filename. Must be provided if TLS is enabled.

Compatibility

This validator is compatible with the basic scheme.

Notes

The server address can be specified as an IP address or a hostname.

Base DN, also known as search base, identifies the part of the directory tree you want to manage.

Bind DN is the user name.

To select any user from LDAP as part of the filter, specify (uid=${user}), where uid is the attribute that serves as your LDAP user identifier.