LDAP / AD


User data can be read from an LDAP directory or from the local Active Directory via the LdapSyncSource.

NOTE
The query returns only properties that are actually stored in the LDAP directory. Use the useValueIfEmpty rule to ensure that every property receives a correct default value, or use the ignoreClaimIfEmpty option instead to ignore empty claims.


Configuration

<LdapSyncSource name="Custom LDAP" queryKey="OneOffixxIdentifier">
  <LdapServer>server</LdapServer>
  <LdapIsSsl>false</LdapIsSsl>
  <LdapOverwriteSslVerificationAndReturnTrue>false</LdapOverwriteSslVerificationAndReturnTrue>
  <LdapBaseDnPath>dnpath</LdapBaseDnPath>
  <LdapUser>username</LdapUser>
  <LdapPassword>{c[EppG4YXFJowewksCXa63tdk4+JnpZXRBGPBfajY+HpU=]}</LdapPassword>
  <LdapAuthType>Basic</LdapAuthType>
  <LdapFilter>filtervalue</LdapFilter>
  <LdapEncodingCodePage>65001</LdapEncodingCodePage>
  <LdapUseV3ProtocolVersion>false</LdapUseV3ProtocolVersion>
  <LdapPropertiesToLoad>cn,displayName,title,thumbnailPhoto</LdapPropertiesToLoad>
  <Claims>
    <Claim type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" property="cn" />
    <Claim type="http://schema.oneoffixx.com/ws/2011/01/identity/claims/displayName" property="displayName" />
    <Claim type="http://schema.oneoffixx.com/ws/2011/01/identity/claims/title" property="title" />
    <Claim type="http://schema.oneoffixx.com/ws/2011/01/identity/claims/userImage" property="thumbnailPhoto" />
  </Claims>
</LdapSyncSource>

Options

  • LdapServer: If no value is set, the current Active Directory is used. Default port: 389.

  • LdapIsSsl: Default: false; optional. When false, the connection to the LDAP server is not encrypted.

  • LdapOverwriteSslVerificationAndReturnTrue: Default: false; optional. When true, the server certificate is not verified; leave this at false in production.

  • LdapBaseDnPath: If no value is set, the DN path of the current Active Directory is used.

  • LdapUser: Default: current user; optional.

  • LdapPassword: Default: the current user's password; optional; encrypted or plain text. Prefer the encrypted form shown in the example above.

  • LdapAuthType: Default: 'Basic'; optional.

    • Anonymous: no authentication

    • Basic: Basic authentication

    • Negotiate: Microsoft Negotiate authentication

    • Ntlm: Windows NT Challenge/Response (NTLM) authentication

    • Digest: Digest Access authentication

    • Sicily: the Sicily negotiation mechanism, which selects MSN, DPA or NTLM. Use this only with LDAP protocol version 2 servers.

    • Dpa: Distributed Password authentication

    • Msn: Microsoft Network Authentication Service

    • External: an external method is used for authentication

    • Kerberos: Kerberos authentication

  • LdapFilter: If no value is set and the queryKey is OneOffixx, the objectSid filter is used.

  • LdapEncodingCodePage: Default: 65001; optional; possible values

  • LdapUseV3ProtocolVersion: Default: false; optional.

  • LdapPropertiesToLoad: Properties to load, separated by commas.


ResultMapping

The LdapSyncSource supports the following mapping format:

<?xml version="1.0" encoding="utf-8"?>
<LdapSyncSource name="Custom LDAP" queryKey="OneOffixxIdentifier">
  <LdapServer>server</LdapServer>
  <LdapIsSsl>false</LdapIsSsl>
  <LdapOverwriteSslVerificationAndReturnTrue>false</LdapOverwriteSslVerificationAndReturnTrue>
  <LdapBaseDnPath>dnpath</LdapBaseDnPath>
  <LdapUser>username</LdapUser>
  <LdapPassword>{c[EppG4YXFJowewksCXa63tdk4+JnpZXRBGPBfajY+HpU=]}</LdapPassword>
  <LdapAuthType>Basic</LdapAuthType>
  <LdapFilter>filtervalue</LdapFilter>
  <LdapEncodingCodePage>65001</LdapEncodingCodePage>
  <LdapUseV3ProtocolVersion>false</LdapUseV3ProtocolVersion>
  <LdapPropertiesToLoad>cn,displayName,title,thumbnailPhoto</LdapPropertiesToLoad>
  <ResultMapping>
    <Mapping>
      <Map Source="displayName" Target="PropertyX" />
    </Mapping>
  </ResultMapping>
  <Claims>
    <Claim type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" property="cn" />
    <Claim type="http://schema.oneoffixx.com/ws/2011/01/identity/claims/displayName" property="displayName" />
    <Claim type="http://schema.oneoffixx.com/ws/2011/01/identity/claims/title" property="title" />
    <Claim type="http://schema.oneoffixx.com/ws/2011/01/identity/claims/userImage" property="thumbnailPhoto" />
    <Claim type="http://schema.oneoffixx.com/ws/2011/01/identity/claims/fromMapping" property="PropertyX" />
  </Claims>
</LdapSyncSource>

The Target value must match the property attribute of a Claim. Details and configuration examples can be found under Mapping.
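As an added example (not part of the OneOffixx documentation or product), the following Python script reviews an LdapSyncSource configuration the way a defender would before deploying it: it flags the weak transport and credential settings described under Options (LdapIsSsl false, certificate verification overridden, a plain-text LdapPassword, LDAP protocol version 2), produces a corrected copy, and checks that every Claim property is really supplied either by LdapPropertiesToLoad or by a ResultMapping Target. The sample configuration is constructed from the page's example; the assumption that encrypted passwords always take the {c[...]} form shown above, the department attribute, and the urn:example claim type are all illustrative, not part of the product.

```python
"""Added example: lint an LdapSyncSource config for weak settings and verify
that every Claim property is provided by LdapPropertiesToLoad or a Map Target."""
import xml.etree.ElementTree as ET

# Constructed sample based on the page's example. Deliberate weaknesses:
# plain-text password, LdapIsSsl=false, LDAPv2. Deliberate inconsistencies:
# Map Source "department" is never loaded, and Claim property "mail" is
# neither loaded nor mapped. The urn:example claim type is a placeholder.
SAMPLE_CONFIG = """<?xml version="1.0" encoding="utf-8"?>
<LdapSyncSource name="Custom LDAP" queryKey="OneOffixxIdentifier">
  <LdapServer>server</LdapServer>
  <LdapIsSsl>false</LdapIsSsl>
  <LdapOverwriteSslVerificationAndReturnTrue>false</LdapOverwriteSslVerificationAndReturnTrue>
  <LdapBaseDnPath>dnpath</LdapBaseDnPath>
  <LdapUser>username</LdapUser>
  <LdapPassword>plaintext-secret</LdapPassword>
  <LdapAuthType>Basic</LdapAuthType>
  <LdapUseV3ProtocolVersion>false</LdapUseV3ProtocolVersion>
  <LdapPropertiesToLoad>cn,displayName,title,thumbnailPhoto</LdapPropertiesToLoad>
  <ResultMapping>
    <Mapping>
      <Map Source="displayName" Target="PropertyX" />
      <Map Source="department" Target="PropertyY" />
    </Mapping>
  </ResultMapping>
  <Claims>
    <Claim type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" property="cn" />
    <Claim type="http://schema.oneoffixx.com/ws/2011/01/identity/claims/fromMapping" property="PropertyX" />
    <Claim type="urn:example:claims/mail" property="mail" />
  </Claims>
</LdapSyncSource>
"""


def _parse(xml_text):
    # Parse from bytes so the XML encoding declaration is honoured.
    return ET.fromstring(xml_text.encode("utf-8"))


def _text(root, tag, default=""):
    node = root.find(tag)
    if node is None or node.text is None:
        return default
    return node.text.strip()


def _is_true(value):
    return value.lower() == "true"


def lint_transport_and_credentials(xml_text):
    """Return (code, message) findings a reviewer should raise before deployment."""
    root = _parse(xml_text)
    findings = []
    if not _is_true(_text(root, "LdapIsSsl", "false")):
        findings.append(("NO_SSL", "LdapIsSsl is false: the bind (including Basic "
                         "credentials) and directory data travel unencrypted on port 389"))
    if _is_true(_text(root, "LdapOverwriteSslVerificationAndReturnTrue", "false")):
        findings.append(("NO_CERT_CHECK", "LdapOverwriteSslVerificationAndReturnTrue is "
                         "true: the server certificate is not verified"))
    pw = _text(root, "LdapPassword")
    # Assumption: encrypted passwords use the {c[...]} form shown on the page.
    if pw and not (pw.startswith("{c[") and pw.endswith("]}")):
        findings.append(("PLAINTEXT_PASSWORD", "LdapPassword is plain text; store the encrypted form"))
    if not _is_true(_text(root, "LdapUseV3ProtocolVersion", "false")):
        findings.append(("LDAPV2", "LdapUseV3ProtocolVersion is false: LDAPv2 is obsolete"))
    return findings


def harden(xml_text, encrypted_password="{c[ENCRYPTED-PLACEHOLDER]}"):
    """Return a copy of the config with the settings flagged above corrected."""
    root = _parse(xml_text)
    for tag, value in (("LdapIsSsl", "true"),
                       ("LdapOverwriteSslVerificationAndReturnTrue", "false"),
                       ("LdapUseV3ProtocolVersion", "true"),
                       ("LdapPassword", encrypted_password)):
        node = root.find(tag)
        if node is None:
            node = ET.SubElement(root, tag)
        node.text = value
    return ET.tostring(root, encoding="unicode")


def check_claim_sources(xml_text):
    """Report Map Sources that are never loaded and Claim properties nothing provides."""
    root = _parse(xml_text)
    loaded = {p.strip() for p in _text(root, "LdapPropertiesToLoad").split(",") if p.strip()}
    mapped, unloaded_sources = set(), []
    for m in root.iterfind("ResultMapping/Mapping/Map"):
        mapped.add(m.get("Target", ""))
        if m.get("Source", "") not in loaded:
            unloaded_sources.append(m.get("Source", ""))
    available = loaded | mapped
    unresolved = [c.get("property", "") for c in root.iterfind("Claims/Claim")
                  if c.get("property", "") not in available]
    return {"unresolved_claims": unresolved, "unloaded_map_sources": unloaded_sources}


if __name__ == "__main__":
    for code, msg in lint_transport_and_credentials(SAMPLE_CONFIG):
        print(f"[{code}] {msg}")
    print(check_claim_sources(SAMPLE_CONFIG))
    print("after harden():", lint_transport_and_credentials(harden(SAMPLE_CONFIG)))
```

On the sample, the lint reports NO_SSL, PLAINTEXT_PASSWORD and LDAPV2, the consistency check reports "mail" as a Claim property that neither LdapPropertiesToLoad nor any Map provides and "department" as a Map Source that is never loaded, and the hardened copy produces no findings. Running such a check against the real configuration file before rollout catches exactly the claims that would silently stay empty, which is the situation the NOTE above addresses with useValueIfEmpty and ignoreClaimIfEmpty.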

PrimeSoft AG, Bahnhofstrasse 4, 8360 Eschlikon, Switzerland