How does LDAP work?

Hi Guys,

Good Morning.

I need some clarification on how LDAP works.

  1. Why do we need the system cuba.rest.ldap.user and cuba.rest.ldap.password? Can't we use the domain user as the system user to read some information from the directory?

  2. When setting up LDAP, will application users be created automatically when login is successful? Or should I create the application user manually?

  3. Should the cuba.rest.ldap.user be a domain administrator?

  4. How do we set up cuba.web.ldap.urls if we have 2 domain controllers for redundancy?

Thanks… Keep up the good work.

Hi!

Unfortunately, we cannot use a domain user to read information from LDAP. It is a limitation of the spring-ldap library.

Users are not created automatically, and you have to create them using a custom import or manually.

The user specified in cuba.rest.ldap.user should have enough permissions in LDAP to read all the user records. Usually, it is not required to give them “domain administrator” rights.

The application property cuba.web.ldap.urls accepts comma-separated URLs of 2 domain controllers.

Also, we are planning to release a new application component that will greatly simplify integration with LDAP: cuba-platform/ldap-addon on GitHub. The purpose of the LDAP Integration CUBA component is to provide a readily available instrument for employing features of a directory server, e.g. Active Directory, in any CUBA-based application.

Hi @artamonov,

Thank you very much for the clarification.