How does LDAP work?

Hi Guys,

Good Morning.

I have some clarifications of how does ldap works.

  1. Why do we need system & Cant we use the domain user as system user to read some information on the directory?

  2. When setting up LDAP does application users will automatically created when login is successful? Or should i create the application user manually.

  3. Should the is a domain administrator?

  4. How to setup cuba.web.ldap.urls if we have 2 domain controllers for redundancy?

Thanks… Keep up the good work.


Unfortunately, we cannot use domain user to read information from LDAP. It is a limitation of spring-ldap library.

Users are not created automatically and you have to create them using custom import or manually.

User specified in should have enough permissions in LDAP to read all the user records. Usually, it is not required to give them “domain administrator” rights.

Application property cuba.web.ldap.urls accepts comma separated URLs of 2 domain controllers.

Also, we are planning to release a new application component - GitHub - cuba-platform/ldap-addon: The purpose of the LDAP Integration CUBA component is to provide a readily available instrument of employing features of a directory server, e.g. Active Directory, in any CUBA-based application. that will greatly simplify integration with LDAP.

1 Like

Hi @artamonov,

Thank you very much for the clarification.