🔗 Ligoj Identity LDAP plugin

Ligoj LDAP identity plugin, and extending Identity plugin Provides the following features :

• LDAP synchronization and caching
• User activity contribution

Requires IAM Node plugin to select the LDAP node used for authentication.

Cache resources

Cache resources TTL can be overridden from Configuration API with cache.$name.ttl property:

Cache	Default TTL (S)	Note
user-details	Eternal (0)	Assumes there is no LDAP update for other place
customers	Eternal (0)	Assumes there is no LDAP group update for other place
customers-by-id	Eternal (0)	Assumes there is no LDAP group update for other place

Plugin parameters

Parameter	Value	Note
service:id:ldap:base-dn		Base DN of all DN. Should be empty for an easiest fine grained configuration.
service:id:ldap:companies-dn	ou=people,dc=sample,dc=com	DN within the people DN where the companies owning real people are stored.
service:id:ldap:companies-class	organizationalUnit	LDAP object classes of companies for search. Comma or space separated values.
service:id:ldap:companies-class-create		LDAP object classes of companies for the creation. Comma or space separated values. When empty, use the first of search classes.
service:id:ldap:company-pattern	[^,]+,ou=([^,]+),.*	Pattern extracting the company string name from a DN of an user.
service:id:ldap:department-attribute	employeeNumber	LDAP attribute name for the department value. Use a value compatible withe the LDAP schema.
service:id:ldap:groups-dn	ou=groups,dc=sample,dc=com	DN of groups.
service:id:ldap:groups-member-attribute	uniqueMember	LDAP group's attribute name referring to its members' DN.
service:id:ldap:groups-class	groupOfUniqueNames	LDAP object classes of groups for search. Comma or space separated values.
service:id:ldap:groups-class-create		LDAP object classes of groups for the creation. Comma or space separated values. When empty, use the first of search classes.
service:id:ldap:local-id-attribute	employeeID	LDAP attribute name for the local employee number.
service:id:ldap:locked-attribute	employeeType	LDAP attribute name for the locked status of an user.
service:id:ldap:locked-value	LOCKED	LDAP attribute valued of locked user.
service:id:ldap:login-attributes	uid,mail	Accepted authentication LDAP attributes. Comma or space separated values. Ignored when service:id:ldap:self-search is false.
service:id:ldap:password		Clear administrator password. This value is encrypted in database.
service:id:ldap:people-class	inetOrgPerson	LDAP object classes of users for search. Comma or space separated values.
service:id:ldap:people-class-create		LDAP object classes of users for the creation. Comma or space separated values. When empty, use the first of search classes.
service:id:ldap:people-custom-attributes		List of mandatory custom user LDAP attribute names. Comma or space separated values.
service:id:ldap:people-dn	ou=people,dc=sample,dc=com	Base DN of the people. This DN is used as primary search location for users.
service:id:ldap:people-internal-dn	ou=internal,ou=people,dc=sample,dc=com	DN within the people DN to separate internal (writable) users from the other. (not yet fully implemented).
service:id:ldap:quarantine-dn	ou=quarantine,dc=sample,dc=com	DN outside the people DN. Receive the users moved from their source without deleting them.
service:id:ldap:self-search	false	When true, at authentication time, the admin credentials are used search and filter the user, and then the credentials are verified.
		When false, the user's credentials are checked without search. Supports only service:id:ldap:login-attributes = uid,mail.
service:id:ldap:uid-attribute	uid	LDAP attribute name user identifier.
service:id:ldap:url	ldap://localhost:389	One or several comma separated URLs. The first one is the primary, the next ones are for failover. Encrypted in database.
service:id:ldap:user-dn	cn=Manager,dc=sample,dc=com	DN of administrator.