LDAP Configuration

IBM Security Verify Access provides a utility class called UserLookupHelper that connects to LDAP to retrieve user information.
The LDAP connection that it uses can be configured in the runtime component,
in the Username Password authentication mechanism, or in the server connection.

However, the IBM Security Verify Access OIDC Provider container does not have that configuration information. Instead, IBM Security Verify Access OIDC Provider relies on the ldapcfg.yml file. The following example demonstrates the configuration:

ldapcfg:                                                                      # start of ldap configuration. It can contain a list of ldap configurations
  - name: ldap_staging_config_01                                              # The unique name of this ldap configuration. This name is used to initialize `UserLookupHelper` and `LdapAttributeUtil`.
    user_object_classes: top,Person,organizationalPerson,inetOrgPerson        # Comma-separated user object classes
    filter: (|(|(objectclass=ePerson)(objectclass=person))(objectclass=User)) # Search filter for `UserLookupHelper`
    selector: objectClass,cn,sn,givenName,userPassword                        # Comma-separated attributes that will be retrieved together with the main attribute
    srv_conn: ldap_staging                                                    # `srv_conn` is the ldap server connection's `name` this ldap configuration applies to. The ldap server connection is defined in `storage.yml` - `server_connections` section.
    attribute: uid                                                            # Main Attribute to be retrieved
    baseDN: dc=ibm,dc=com                                                     # Base DN

The following table describes each property:

| Name | Description | Valid Value | Mandatory | Default |
|------|-------------|-------------|-----------|---------|
| name | The unique name of this ldap configuration. This name is used to initialize UserLookupHelper and LdapAttributeUtil. | string | Yes | |
| filter | Search filter for UserLookupHelper. | string | Yes | |
| user_object_classes | Comma-separated user object classes. | string | Yes | |
| attribute | Main attribute to be retrieved. | string | Yes | |
| selector | Comma-separated attributes that are retrieved together with the main attribute. | string | Yes | |
| srv_conn | The name of the ldap server connection this ldap configuration applies to. The ldap server connection is defined in the server_connections section of storage.yml. | string | Yes | |
| baseDN | Base DN. | string | Yes | |
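A pre-deployment check for this file, as an added example that is not IBM's code: it reads an ldapcfg.yml and a storage.yml fragment (both constructed here to mirror the example above, using a minimal reader for their list-of-flat-mappings shape rather than a full YAML parser), confirms every mandatory property is present, that each srv_conn names an entry in server_connections, that the filter is a balanced LDAP filter, and warns when the selector reads back an attribute such as userPassword; the sensitive-attribute list is an assumption of this example, not a product rule.

```python
import re
LDAPCFG_YML = """ldapcfg:  # constructed sample mirroring the ldapcfg.yml example above
  - name: ldap_staging_config_01  # unique name
    user_object_classes: top,Person,organizationalPerson,inetOrgPerson
    filter: (|(|(objectclass=ePerson)(objectclass=person))(objectclass=User))  # search filter
    selector: objectClass,cn,sn,givenName,userPassword
    srv_conn: ldap_staging
    attribute: uid
    baseDN: dc=ibm,dc=com
"""
STORAGE_YML = """server_connections:  # constructed storage.yml fragment; only the names are needed
  - name: ldap_staging
"""
MANDATORY = ("name", "filter", "user_object_classes", "attribute", "selector", "srv_conn", "baseDN")
SENSITIVE = {"userpassword"}  # assumption: attributes a user lookup should not read back

def parse_list_of_maps(text):  # minimal reader for 'key: list of flat mappings'; not a YAML parser
    entries = []
    for raw in text.splitlines():
        line = re.split(r"\s+#", raw, maxsplit=1)[0].rstrip()  # drop trailing comment
        body = line.strip()
        if not line.startswith(" ") or ":" not in body:
            continue  # blank line or the top-level key
        if body.startswith("- "):
            entries.append({})  # '- ' starts a new list item
            body = body[2:]
        key, _, value = body.partition(":")
        entries[-1][key.strip()] = value.strip()
    return entries

def validate(ldapcfg_text, storage_text):  # returns (errors, warnings) for every ldap configuration
    errors, warnings, seen = [], [], set()
    known_conns = {c.get("name") for c in parse_list_of_maps(storage_text)}
    for cfg in parse_list_of_maps(ldapcfg_text):
        label = cfg.get("name", "<unnamed>")
        for key in MANDATORY:
            if not cfg.get(key):
                errors.append(f"{label}: mandatory property '{key}' missing")
        if label in seen:
            errors.append(f"{label}: name is not unique")
        seen.add(label)
        if cfg.get("srv_conn") not in known_conns:  # must match a storage.yml server connection
            errors.append(f"{label}: srv_conn '{cfg.get('srv_conn')}' not in server_connections")
        flt = cfg.get("filter", "")
        if not flt.startswith("(") or flt.count("(") != flt.count(")"):
            errors.append(f"{label}: filter is not a balanced parenthesised LDAP filter")
        for attr in cfg.get("selector", "").split(","):
            if attr.strip().lower() in SENSITIVE:
                warnings.append(f"{label}: selector retrieves sensitive attribute '{attr.strip()}'")
    return errors, warnings
```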