9.3.1. Basic LDAP Integration
If the cuba.web.externalAuthentication property is enabled, the LdapAuthProvider
class is used by default. In this case, the Spring LDAP library is used for user authentication.
The following Web Client application properties are used to set up LDAP integration:
-
cuba.web.ldap.urls
– LDAP server URL. -
cuba.web.ldap.base
– base DN for user search. -
cuba.web.ldap.user
– the distinguished name of a system user which has the right to read the information from the directory. -
cuba.web.ldap.password
– the password for the system user defined in thecuba.web.ldap.user
property. -
cuba.web.ldap.userLoginField
- the name of an LDAP user attribute that is used for matching the login name.sAMAccountName
by default (suitable for Active Directory).
Example of local.app.properties file for the Web Client block:
cuba.web.externalAuthentication = true
cuba.web.ldap.urls = ldap://192.168.1.1:389
cuba.web.ldap.base = ou=Employees,dc=mycompany,dc=com
cuba.web.ldap.user = cn=System User,ou=Employees,dc=mycompany,dc=com
cuba.web.ldap.password = system_user_password
In case of the integration with Active Directory, when creating users in the application, specify their sAMAccountName
without domain as a login.