It connects to the server using a reader account and looks for the user that attempts to log in. If the user is known, it tries to log in with the provided credentials to the LDAP server.
The LDAP realm's type is ldap. It takes the following parameters:
- url: the LDAP server URL
- systemUser: the DN (distinguished name) of the LDAP reader user
- systemPassword: the password of the LDAP reader user
- searchBase: a ldap query describing the list of users that can log in to Fluid Topics
- loginAttribute: the name of the field the user login has to match
- nameAttribute: the name of the attribute that contains the user name (used to create an account for the user)
- mailAttribute: the name of the attribute that contains the user mail (used to create an account for the user)
- authenticationMechanism: the authentication mechanism used (optional, default value is simple)
Here is a configuration example of this realm:
{
"name": "ldap",
"type": "ldap",
"configuration": {
"url": "ldaps://ldap.mycompany.com",
"systemUser": "cn=reader,dc=mycompany,dc=com",
"systemPassword": "reader-password",
"searchBase": "dc=mycompany,dc=com",
"loginAttribute": "mail",
"nameAttribute": "cn",
"mailAttribute": "mail"
}
}