Documentation
Validator: LDAP
The LDAP validator allows you to authenticate a user using the Lightweight Directory Access Protocol v3.
Parameters
Parameter | Description |
---|---|
server |
Name of the host providing the LDAP service. |
port |
Optional. Port number of the LDAP service. Default: 389. |
binddn |
Optional. Bind Distinguished Name (user). If none is provided an anonymous bind will be attempted. |
bindpw |
Bind Password (password). |
basedn |
Base Distinguished Name. |
filter |
A filter that defines the conditions that must be fulfilled in order for the search to match a given entry. Use ${user} in a filter as a substitution to match the identifier inputted by a user accessing the resource. The filter must resolve to a single user object. For LDAP filter syntax, refer to RFC 2254. |
tls |
Optional. Enable the use of TLS based integrity. Defaults to 0. |
ca_file |
Optional. It’s the CA filename. Must be provided if TLS is enabled. |
Compatibility
This validator is compatible with the basic scheme.
Notes
The server address can be specified as an IP address or a hostname.
Base DN, also known as search base, identifies the part of the directory tree you want to manage.
Bind DN is the user name.
To select any user from LDAP as part of the filter, specify (uid=${user}), where uid is the attribute that serves as your LDAP user identifier.