You should create a user with the same login in your CUBA application. You should set up access rights for this user, as LDAP is used only for authentication (password storing).
By default, the login is matched with the sAMAccountName of the entry (Active Directory stores the login in this property).
If you use another LDAP implementation, for instance Apache DS, and another field is the ID, you should adjust cuba.web.ldap.userLoginField.
In my test environment I use Apache Directory Studio. By default “sn” is used as ID there. So I have got the following settings:
cuba.web.ldap.enabled = true
cuba.web.ldap.urls = ldap://localhost:10389
cuba.web.ldap.base = dc=example,dc=com
cuba.web.ldap.user = cn=iskandarov,ou=system
cuba.web.ldap.userLoginField = sn
cuba.web.standardAuthenticationUsers = admin
cuba.web.ldap.password = password
How the basic platform LDAP-authentication works:
- the login and password are entered in the login form of the application
- the platform authenticates in LDAP using the credentials defined in cuba.web.ldap.user / cuba.web.ldap.password
- the application does an LDAP search in cuba.web.ldap.base: it searches for an entry with sn = login
- if the entry is found, the application tries to authenticate in LDAP with the found FQN and the provided password
- if successful, the user gets access to the application
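
The search-then-bind flow listed above, written out with plain JNDI as an added example (it is not the platform's own code and not part of the original post). The class and method names are hypothetical, the connection values are the ones from the settings in the post, and the empty-password and ambiguous-match checks go beyond the steps listed.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;

public class LdapSearchThenBind {
    // Connection values copied from the settings in the post above.
    static final String URL = "ldap://localhost:10389";
    static final String BASE = "dc=example,dc=com";
    static final String SERVICE_DN = "cn=iskandarov,ou=system";
    static final String SERVICE_PASSWORD = "password";
    static final String LOGIN_FIELD = "sn";

    // Simple bind as the given DN; throws if the server rejects the credentials.
    static DirContext bind(String dn, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env);
    }

    public static boolean authenticate(String login, String password) {
        // An empty password turns a simple bind into an unauthenticated bind that
        // a server may accept, so refuse it before contacting LDAP.
        if (login == null || login.isEmpty() || password == null || password.isEmpty()) return false;
        DirContext service = null;
        try {
            service = bind(SERVICE_DN, SERVICE_PASSWORD);   // service account bind
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            // JNDI substitutes {0} with filter metacharacters escaped.
            NamingEnumeration<SearchResult> found = service.search(
                    BASE, "(" + LOGIN_FIELD + "={0})", new Object[] {login}, sc);
            if (!found.hasMore()) return false;             // no entry for this login
            String userDn = found.next().getNameInNamespace();
            if (found.hasMore()) return false;              // ambiguous: more than one entry
            bind(userDn, password).close();                 // bind as the user
            return true;
        } catch (NamingException e) {
            return false;                                   // rejected bind or LDAP error
        } finally {
            if (service != null) try { service.close(); } catch (NamingException ignored) { }
        }
    }

    public static void main(String[] a) { System.out.println(authenticate(a[0], a[1])); }
}
```

Over a plain ldap:// URL both simple binds send their passwords unencrypted, so outside a local test environment the URL should point at an ldaps:// endpoint.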