LDAP

When LDAP is included in authentication_method, configure the following parameters. LDAP can be used alone (authentication_method: LDAP) or combined with other methods (e.g. authentication_method: [LDAP,OKA]) to allow local OKA accounts as a fallback.

  • ldap:

    • server_uri: A string value specifying the URI of the LDAP server. Example: ldap://127.0.0.1:389.

    • bind_dn: A string value representing the distinguished name (DN) for binding to the LDAP directory. Example: "cn=admin,dc=example,dc=com".

    • bind_password: A string value used as the password to authenticate the LDAP bind DN. Example: "adminpassword".

    • search_base: A string value specifying the base DN for user searches in the LDAP directory. This should correspond to the organizational unit where user accounts are stored. Example: "ou=People,dc=example,dc=com".

    • username_field: A string value naming the LDAP attribute used for username lookups. mail is a common choice. Example: "mail" or "uid". Default: "mail".

    • groups:

      • search_base: A string value specifying the base DN for group searches in the LDAP directory. This should correspond to the organizational unit where groups are stored. Example: "ou=Group,dc=example,dc=com".

      • search_filterstr: A string value giving the LDAP search filter to use when searching groups. Example: "(objectClass=group)" or "(cn=*)". Default: "(objectClass=group)".

      • required: A string listing the authorized groups, each given by its full distinguished name (DN) and separated by semicolons. Access is granted if the user is a member of at least one of the groups (OR operator is applied). Example: "cn=enabled,ou=groups,dc=example,dc=com;cn=also_enabled,ou=groups,dc=example,dc=com". Default: None.
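
An added example (not part of the OKA documentation or code base): a small Python lint for the ldap block above. It flags a plain ldap:// URI pointing at a remote host and the documentation's example bind_password left in place, and it evaluates groups.required with the semicolon split and OR rule. The function names, the dict form of the configuration, the simplified DN normalization and the treatment of an unset required as "no group restriction" are assumptions.

```python
from urllib.parse import urlparse

# Constructed sample: the documented keys, with a remote host and one malformed group entry.
SAMPLE = {
    "server_uri": "ldap://ldap.example.com:389",
    "bind_dn": "cn=admin,dc=example,dc=com",
    "bind_password": "adminpassword",
    "search_base": "ou=People,dc=example,dc=com",
    "groups": {
        "required": "cn=enabled,ou=groups,dc=example,dc=com;"
                    " CN=also_enabled, OU=groups, DC=example, DC=com;staff",
    },
}

def norm_dn(dn):
    """Simplified DN normalization (lowercase, trim each RDN); ignores escaped commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def required_groups(cfg):
    """Split groups.required on ';' (DNs contain commas, so ';' is the separator)."""
    raw = (cfg.get("groups") or {}).get("required") or ""
    return [norm_dn(g) for g in raw.split(";") if g.strip()]

def lint(cfg):
    """Return a list of findings for one ldap: block."""
    findings = []
    uri = urlparse(cfg.get("server_uri", ""))
    # Without TLS (ldaps:// or StartTLS) the bind password crosses the network in clear text.
    if uri.scheme == "ldap" and uri.hostname not in ("127.0.0.1", "::1", "localhost"):
        findings.append("server_uri: plain ldap:// to a remote host")
    if cfg.get("bind_password") == "adminpassword":
        findings.append("bind_password: documentation example value in use")
    for dn in required_groups(cfg):
        if not all("=" in rdn for rdn in dn.split(",")):
            findings.append(f"groups.required: {dn!r} is not a full DN")
    return findings

def is_authorized(cfg, member_of):
    """OR semantics from the docs: membership in one required group is enough."""
    required = set(required_groups(cfg))
    if not required:  # assumption: Default None means no group restriction
        return True
    return bool(required & {norm_dn(g) for g in member_of})
```
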