LDAP Configuration
In IBM Security Verify Access, a utility class called UserLookupHelper connects to LDAP to retrieve user information. The LDAP configuration it uses can be defined in the runtime component, in the username/password authentication mechanism, or in the server connection.
The IBM Security Verify Access OIDC Provider container does not have access to that configuration. Instead, it reads its LDAP settings from the ldapcfg.yml file. The following table describes each property, and the example after it shows a complete configuration:
Name | Description | Valid Value | Mandatory | Default |
---|---|---|---|---|
name | The unique name of this LDAP configuration. This name is used to initialize UserLookupHelper and LdapAttributeUtil. | string | Yes | |
filter | Search filter used by UserLookupHelper | string | Yes | |
user_object_classes | Comma-separated list of user object classes | string | Yes | |
attribute | Main attribute to be retrieved | string | Yes | |
selector | Comma-separated list of attributes retrieved together with the main attribute | string | Yes | |
srv_conn | Name of the LDAP server connection this configuration applies to. The server connection is defined in the server_connections section of storage.yml. | string | Yes | |
baseDN | Base DN for the search | string | Yes | |
```yaml
ldapcfg: # start of ldap configuration. It can contain a list of ldap configurations
  - name: ldap_staging_config_01 # The unique name of this ldap configuration. This name is used to initialize `UserLookupHelper` and `LdapAttributeUtil`.
    user_object_classes: top,Person,organizationalPerson,inetOrgPerson # Comma-separated user object classes
    filter: (|(|(objectclass=ePerson)(objectclass=person))(objectclass=User)) # Search filter for `UserLookupHelper`
    selector: objectClass,cn,sn,givenName,userPassword # Comma-separated attributes that will be retrieved together with the main attribute
    srv_conn: ldap_staging # `srv_conn` is the ldap server connection's `name` this ldap configuration applies to. The ldap server connection is defined in `storage.yml` - `server_connections` section.
    attribute: uid # Main Attribute to be retrieved
    baseDN: dc=ibm,dc=com # Base DN
```
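Because every property in the table is mandatory and srv_conn must match a server connection that lives in a different file, a misconfiguration is easy to ship without noticing until UserLookupHelper fails at runtime. The script below is an added pre-deployment check, written for this page and not part of the IBM Security Verify Access OIDC Provider product: it validates each ldapcfg entry against the rules in the table (all mandatory properties present, unique names, balanced search filter, well-formed base DN) and cross-references srv_conn with the server_connections names from storage.yml. It also warns when the selector pulls back userPassword, so that choice is a conscious one. Both documents are constructed inline, in the shape yaml.safe_load would produce; the internal layout of storage.yml server connections (a list of mappings with a name key) is an assumption.

```python
# Added example, not code from the IBM Security Verify Access OIDC Provider
# project. Validates ldapcfg.yml entries and their srv_conn references.
from typing import Dict, List, Tuple

# Properties the table above marks as mandatory.
MANDATORY = ("name", "filter", "user_object_classes", "attribute",
             "selector", "srv_conn", "baseDN")
# Attributes worth a warning when they appear in `selector` (added check,
# not a product rule): the password attribute is returned to the provider.
SENSITIVE = {"userpassword"}

# Constructed sample mirroring the ldapcfg.yml example on this page, in the
# structure yaml.safe_load would return for it.
LDAPCFG = {
    "ldapcfg": [
        {
            "name": "ldap_staging_config_01",
            "user_object_classes": "top,Person,organizationalPerson,inetOrgPerson",
            "filter": "(|(|(objectclass=ePerson)(objectclass=person))(objectclass=User))",
            "selector": "objectClass,cn,sn,givenName,userPassword",
            "srv_conn": "ldap_staging",
            "attribute": "uid",
            "baseDN": "dc=ibm,dc=com",
        }
    ]
}

# Constructed storage.yml fragment (assumed layout); only each connection's
# name is used for the cross-reference.
STORAGE = {"server_connections": [{"name": "ldap_staging", "type": "ldap"}]}


def balanced_filter(flt: str) -> bool:
    """True when the filter is wrapped in parentheses and they are balanced."""
    if not flt.startswith("(") or not flt.endswith(")"):
        return False
    depth = 0
    for ch in flt:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
    return depth == 0


def valid_dn(dn: str) -> bool:
    """Loose DN check: every comma-separated RDN is attr=value (no escaping)."""
    for rdn in dn.split(","):
        if "=" not in rdn:
            return False
        attr, value = rdn.split("=", 1)
        if not attr.strip() or not value.strip():
            return False
    return True


def csv(value: str) -> List[str]:
    """Split a comma-separated property into trimmed, non-empty items."""
    return [v.strip() for v in value.split(",") if v.strip()]


def check_ldapcfg(ldapcfg: Dict, storage: Dict) -> Tuple[List[str], List[str]]:
    """Return (errors, warnings) for every entry under the ldapcfg key."""
    errors: List[str] = []
    warnings: List[str] = []
    known_conns = {c.get("name") for c in storage.get("server_connections", [])}
    seen = set()
    for idx, entry in enumerate(ldapcfg.get("ldapcfg") or []):
        label = entry.get("name") or f"entry #{idx}"
        for key in MANDATORY:
            if not isinstance(entry.get(key), str) or not entry[key].strip():
                errors.append(f"{label}: mandatory property '{key}' missing or empty")
        if label in seen:
            errors.append(f"{label}: duplicate name")
        seen.add(label)
        conn = entry.get("srv_conn")
        if conn and conn not in known_conns:
            errors.append(f"{label}: srv_conn '{conn}' not defined in storage.yml server_connections")
        if entry.get("filter") and not balanced_filter(entry["filter"]):
            errors.append(f"{label}: filter has unbalanced parentheses")
        if entry.get("baseDN") and not valid_dn(entry["baseDN"]):
            errors.append(f"{label}: baseDN is not in attr=value,attr=value form")
        for attr in csv(entry.get("selector", "")):
            if attr.lower() in SENSITIVE:
                warnings.append(f"{label}: selector retrieves {attr}; confirm the mapping rule needs it")
    return errors, warnings


if __name__ == "__main__":
    errs, warns = check_ldapcfg(LDAPCFG, STORAGE)
    for line in errs:
        print("ERROR:", line)
    for line in warns:
        print("WARNING:", line)
    print("ok" if not errs else f"{len(errs)} error(s)")
```

Run it against the real files by loading both with yaml.safe_load and passing the resulting dictionaries to check_ldapcfg; the page's own example passes with no errors and one warning about userPassword. Catching a bad srv_conn here is cheaper than debugging a failed UserLookupHelper initialization inside the container.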