How to Configure LDAP SSO Support for a Hosted Environment
Overview
This guide outlines configuring single sign-on (SSO) authentication using a Lightweight Directory Access Protocol (LDAP) for an installation hosted on kinops.
For assistance with configuring SSO support for a customer-managed environment, see How to Configure LDAP SSO Support for a Customer-Managed Environment.
Process
To enable SSO using LDAP, create a file named "security.space-slug.properties" using the template below and update the example values to meet your organization's specifications.
The following code is only an example of the security.space-slug.properties file and must be edited for your Space. If you need assistance configuring this file, contact Kinetic Support with your LDAP resource available for assistance.
security.ldap.enabled=true
security.autocreate=true
security.autoupdate=true
security.ldap.context.url=ldap://fake_ldap:389
security.ldap.context.baseDN=DC=corp,DC=fake_ldap_dc,DC=io
security.ldap.context.bindDN=CN=Admin,OU=Users,OU=CORP,DC=corp,DC=fake_ldap_dc,DC=io
security.ldap.context.bindPswd=rdWJL-YaGY2pzRns-G2*
security.ldap.user_search_base=
security.ldap.user_search_filter=(sAMAccountName={0})
#security.ldap.group_search_base=
#security.ldap.group_search_subtree=true
security.ldap.group_search_filter=(uniqueMember={0})
# security.ldap_group_role_prefix=ROLE_ # defaults to blank.
# security.ldap.group_role_attribute=ou # defaults to 'cn'
## These Attributes are used to map users looked up to the user table.
security.ldap.attributes.email=mail
security.ldap.attributes.displayName=displayName
#security.ldap.mappings.userAttribute.0.name=LDAP Department
#security.ldap.mappings.userAttribute.0.mapping=department
#security.ldap.mappings.userAttribute.0.regexMatch=
#security.ldap.mappings.userAttribute.0.regexReplace=
#security.ldap.mappings.userAttribute.1.name=LDAP Country
#security.ldap.mappings.userAttribute.1.mapping=co
#security.ldap.mappings.userAttribute.1.regexMatch=
#security.ldap.mappings.userAttribute.1.regexReplace=
#security.ldap.mappings.userAttribute.2.name=LDAP Manager Name
#security.ldap.mappings.userAttribute.2.mapping=manager
#security.ldap.mappings.userAttribute.2.regexMatch=CN=(.*?),(CN|OU)=.*
#security.ldap.mappings.userAttribute.2.regexReplace=$1
#security.ldap.mappings.profileAttribute.0.name=LDAP Phone number
#security.ldap.mappings.profileAttribute.0.mapping=ipPhone
#security.ldap.mappings.profileAttribute.0.regexMatch=
#security.ldap.mappings.profileAttribute.0.regexReplace=
Updated 4 months ago