LDAP Configuration

LDAP configuration

To configure LDAP as a source of user data and attributes update the LDAP hostname, hostport, credential and ssl_settings in the given sample below and copy it into storage.yml

runtime_db: mypq                                            # Configuration of runtime database. Points to the database server connection.
session_cache:
  type: db                                                  # Specifies the type of session cache, in-memory, redis, or db.
  # cfg: redis-standalone                                   # Specifies the configuration of the `redis` cache, for `redis` type only. Points to `redis` server connection
  # life_time: 600                                          # Specifies the session entry duration in seconds. It applies to `in-memory` type sessions only. Default is `600`
  # max_entries: 60000                                      # Specifies the maximum number of session entries. It applies to `in-memory` type sessions only. Default is `60000`
server_connections:                                         # Server connections
  - name: mypq                                              # Connection name
   ...
  - name: ldap_staging                                      # Connection name
    type: ldap                                              # Connection type
    hosts:                                                  # List of host information (IP and port)
      - hostname: openldap                                  # Server's hostname
        hostport: 636                                       # Server's host port
    credential:                                             # Credential information to connect to the host.
      bind_dn: cn=root,secAuthority=Default                 # Specifies the binding credential for the LDAP server connection.
      bind_password: 'OBF:gJDSuqEFmORCR2Uw3FsAmFKomjYLmhMwdDG2XoUxtQ0='
                                                            # Specifies the binding password for the LDAP server connection. It is recommended to obfuscate this.
    ssl:
      certificate:                                          # The SSL connection certificate array.
        - ks:ldap_keys                                      # The SSL keystore to be used for SSL connections. ks: indicates keystore.
      mutual_auth:
        key: ks:rt_profile_keys/ldap                        # When mutual TLS is needed, specify the keystore and label that contains the client's private key.
        certificate: ks:rt_profile_keys/ldap                # When mutual TLS is needed, specify the keystore and label of the client's leaf certificate.
        ca:                                                 # The mutual_auth connection certificate array.
          - ks:rt_profile_keys/ca                           # When mutual TLS is needed, specify the keystore and label of the client's CA certificate.
      disable_hostname_verification: false                  # The SSL connection validates the hostname.
    conn_settings:                                          # Connection pool settings for the LDAP server. It can be specified at the top level if the settings are common across hosts.
      max_pool_size: 50                                     # Maximum connection pool size.
      connect_timeout: 3                                    # Connect timeout, in seconds.
      aged_timeout: 5                                       # Aged timeout, in seconds.

1. Server connections

Name	Description	Valid Value	Mandatory
name	Connection name	string	Yes
type	Connection type	`ldap`	Yes
hosts	List of host information (IP and port)	HostInfo[]	Yes
credential	Credential information to connect to the server	Credential
ssl	SSL settings.	SSLSettings
conn_settings	Connection pool settings.	ConnectionSettings

1.1. Host information

Name	Description	Valid Value	Mandatory
hostname	LDAP Server's hostname	string	Yes
hostport	LDAP Server's host port	integer	Yes
credential	Credential information to connect to the LDAP Server.	Credential
ssl	SSL settings for the server. It can be specified at the top level if the settings are common across hosts.	SSLSettings
conn_settings	Connection pool settings for the LDAP server. It can be specified at the top level if the settings are common across hosts.	ConnectionSettings

1.2. Credential

Name	Description	Valid Value	Mandatory	Default
bind_dn	Specifies the binding credential for the LDAP server connection.	string	Yes
bind_password	Specifies the binding password for the LDAP server connection. Use obfuscation.	string	Yes

1.3. SSL settings

Name	Description	Valid Value	Mandatory
certificate	The array of SSL certificates to be used for SSL connection to the LDAP.	string	No
mutual_auth
key	When mutual TLS is needed, specify the keystore and label that contains the client's private key.	string	No
certificate	When mutual TLS is needed, specify the keystore of the client's leaf certificate.	string	No
ca	When mutual TLS is needed, specify an array of CA certificates needed for the connection.	string	No
disable_hostname_verification	The flag to enable or disable hostname verification for SSL connections.	Boolean	No

1.4. Connection settings

Name	Description	Valid Value	Mandatory	Default
max_pool_size	Maximum connection pool size.	integer	No	50
aged_timeout	Age timeout, in seconds.	integer	No	10
connect_timeout	Connect timeout, in seconds.	integer	No	5