How does LDAP work?

Hi Guys,

Good Morning.

I have some clarifications of how does ldap works.

  1. Why do we need system cuba.rest.ldap.user & cuba.rest.ldap.password? Cant we use the domain user as system user to read some information on the directory?

  2. When setting up LDAP does application users will automatically created when login is successful? Or should i create the application user manually.

  3. Should the cuba.rest.ldap.user is a domain administrator?

  4. How to setup cuba.web.ldap.urls if we have 2 domain controllers for redundancy?

Thanks… Keep up the good work.

Hi!

Unfortunately, we cannot use domain user to read information from LDAP. It is a limitation of spring-ldap library.

Users are not created automatically and you have to create them using custom import or manually.

User specified in cuba.rest.ldap.user should have enough permissions in LDAP to read all the user records. Usually, it is not required to give them “domain administrator” rights.

Application property cuba.web.ldap.urls accepts comma separated URLs of 2 domain controllers.

Also, we are planning to release a new application component - https://github.com/cuba-platform/ldap-addon that will greatly simplify integration with LDAP.

1 Like

Hi @artamonov,

Thank you very much for the clarification.