Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/ligoj/plugin-id-ldap
Ligoj plugin for plugin-id with LDAP backend
https://github.com/ligoj/plugin-id-ldap
ldap ligoj ligoj-plugin spring
Last synced: about 12 hours ago
JSON representation
Ligoj plugin for plugin-id with LDAP backend
- Host: GitHub
- URL: https://github.com/ligoj/plugin-id-ldap
- Owner: ligoj
- License: mit
- Created: 2017-03-10T22:12:51.000Z (over 7 years ago)
- Default Branch: master
- Last Pushed: 2024-05-12T16:14:42.000Z (6 months ago)
- Last Synced: 2024-05-12T21:53:56.390Z (6 months ago)
- Topics: ldap, ligoj, ligoj-plugin, spring
- Language: Java
- Homepage: https://kloudy.io
- Size: 749 KB
- Stars: 5
- Watchers: 4
- Forks: 5
- Open Issues: 5
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
## :link: Ligoj Identity LDAP plugin [](https://maven-badges.herokuapp.com/maven-central/org.ligoj.plugin/plugin-id-ldap)
[](https://sonarcloud.io/dashboard?id=org.ligoj.plugin%3Aplugin-id-ldap)
[](https://sonarcloud.io/dashboard/index/org.ligoj.plugin:plugin-id-ldap)
[](https://www.codacy.com/gh/ligoj/plugin-id-ldap?utm_source=github.com&utm_medium=referral&utm_content=ligoj/plugin-id-ldap&utm_campaign=Badge_Grade)
[](https://www.codefactor.io/repository/github/ligoj/plugin-id-ldap)
[](http://fabdouglas.mit-license.org/)
[Ligoj](https://github.com/ligoj/ligoj) LDAP identity plugin, and
extending [Identity plugin](https://github.com/ligoj/plugin-id)
Provides the following features :
- LDAP synchronization and caching
- User activity contribution
Requires [IAM Node plugin](https://github.com/ligoj/plugin-iam-node) to select the LDAP node used for authentication.
# Cache resources
Cache resources TTL can be overridden from Configuration API with `cache.$name.ttl` property:
| Cache | Default TTL (S) | Note |
|-----------------|-----------------|-------------------------------------------------------|
| user-details | Eternal (0) | Assumes there is no LDAP update for other place |
| customers | Eternal (0) | Assumes there is no LDAP group update for other place |
| customers-by-id | Eternal (0) | Assumes there is no LDAP group update for other place |
# Plugin parameters
| Parameter | Value | Note |
|------------------------------------------|----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------|
| service:id:ldap:base-dn | | Base DN of all DN. Should be empty for an easiest fine grained configuration. |
| service:id:ldap:companies-dn | ou=people,dc=sample,dc=com | DN within the people DN where the companies owning real people are stored. |
| service:id:ldap:companies-class | organizationalUnit | LDAP object classes of companies for search. Comma or space separated values. |
| service:id:ldap:companies-class-create | | LDAP object classes of companies for the creation. Comma or space separated values. When empty, use the first of search classes. |
| service:id:ldap:company-pattern | [^,]+,ou=([^,]+),.* | Pattern extracting the company string name from a DN of an user. |
| service:id:ldap:department-attribute | employeeNumber | LDAP attribute name for the department value. Use a value compatible withe the LDAP schema. |
| service:id:ldap:groups-dn | ou=groups,dc=sample,dc=com | DN of groups. |
| service:id:ldap:groups-member-attribute | uniqueMember | LDAP group's attribute name referring to its members' DN. |
| service:id:ldap:groups-class | groupOfUniqueNames | LDAP object classes of groups for search. Comma or space separated values. |
| service:id:ldap:groups-class-create | | LDAP object classes of groups for the creation. Comma or space separated values. When empty, use the first of search classes. |
| service:id:ldap:local-id-attribute | employeeID | LDAP attribute name for the local employee number. |
| service:id:ldap:locked-attribute | employeeType | LDAP attribute name for the locked status of an user. |
| service:id:ldap:locked-value | LOCKED | LDAP attribute valued of locked user. |
| service:id:ldap:login-attributes | uid,mail | Accepted authentication LDAP attributes. Comma or space separated values. Ignored when `service:id:ldap:self-search` is `false`. |
| service:id:ldap:password | | Clear administrator password. This value is encrypted in database. |
| service:id:ldap:people-class | inetOrgPerson | LDAP object classes of users for search. Comma or space separated values. |
| service:id:ldap:people-class-create | | LDAP object classes of users for the creation. Comma or space separated values. When empty, use the first of search classes. |
| service:id:ldap:people-custom-attributes | | List of mandatory custom user LDAP attribute names. Comma or space separated values. |
| service:id:ldap:people-dn | ou=people,dc=sample,dc=com | Base DN of the people. This DN is used as primary search location for users. |
| service:id:ldap:people-internal-dn | ou=internal,ou=people,dc=sample,dc=com | DN within the people DN to separate internal (writable) users from the other. (not yet fully implemented). |
| service:id:ldap:quarantine-dn | ou=quarantine,dc=sample,dc=com | DN outside the people DN. Receive the users moved from their source without deleting them. |
| service:id:ldap:self-search | false | When `true`, at authentication time, the admin credentials are used search and filter the user, and then the credentials are verified. |
| | | When `false`, the user's credentials are checked without search. Supports only `service:id:ldap:login-attributes` = `uid,mail`. |
| service:id:ldap:uid-attribute | uid | LDAP attribute name user identifier. |
| service:id:ldap:url | ldap://localhost:389 | This value is encrypted in database. |
| service:id:ldap:user-dn | cn=Manager,dc=sample,dc=com | DN of administrator. |