How to Configure LDAP SSO Support

The LDAP support uses the internal username and password filter and thus only requires a provider to be configured.

Enabling the Strategy

Add com.kineticdata.core.web.security.strategies.ldap.LdapSecurityStrategy to the security.properties file on the server for the space.

Configuring the Space

Here is an example of the remaining configurable parameters. Add these to the space's security.properties file as well:

security.ldap.enabled=true
security.ldap.context.url=ldap://domaincontroller.acme.com:389
security.ldap.context.baseDN=DC=acme,DC=com
security.ldap.context.bindDN=CN=Administrator,CN=Users,DC=acme,DC=com
security.ldap.context.bindPswd=adminpass1
security.ldap.user_search_base=CN=Users
security.ldap.user_search_filter=(sAMAccountName={0})
security.ldap.group_search_base=CN=Users
security.ldap.group_search_filter=member={0}
# These Attributes are used to map users looked up to the user table.
security.ldap.attributes.email=mail
security.ldap.attributes.displayName=displayName

A quick rundown of what these properties are:

  • security.ldap.enabled must be set to true in order for LDAP support to be enabled for the space.
  • security.ldap.context.url is the URL to the LDAP server to execute queries and bind against.
  • security.ldap.context.bindDN is the DN of the account used to query for user information.
  • security.ldap.context.bindPswd is the password of the above account.
  • security.ldap.user_search_base is the base container used for searching for users.
  • security.ldap.user_search_filter is an LDAP filter used to provide criteria to match LDAP objects to usernames.

The two security.ldap.attributes.* properties are used to automatically update Kinetic Core's internal user record with details from the LDAP directory; each property's value is the name of the LDAP attribute to map. Please note that there are additional configurable fields available that are documented in the example file.
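As an added example (not Kinetic Core code), the following Python reads the security.ldap.* properties listed above, shows how the {0} placeholder in the search filters is filled with an RFC 4515-escaped username, and flags the points a reviewer would raise about the sample values: a plain ldap:// URL and a group filter without enclosing parentheses. The properties reader and lint checks are assumptions of this example, not behaviour documented for the product.

```python
from urllib.parse import urlsplit

# Constructed sample: the page's example properties, as one string.
SAMPLE_PROPERTIES = """\
security.ldap.enabled=true
security.ldap.context.url=ldap://domaincontroller.acme.com:389
security.ldap.context.baseDN=DC=acme,DC=com
security.ldap.context.bindDN=CN=Administrator,CN=Users,DC=acme,DC=com
security.ldap.context.bindPswd=adminpass1
security.ldap.user_search_base=CN=Users
security.ldap.user_search_filter=(sAMAccountName={0})
security.ldap.group_search_base=CN=Users
security.ldap.group_search_filter=member={0}
"""

def parse_properties(text):
    """Minimal .properties reader: key=value lines, '#' comments, no escapes."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")  # DN values contain '=' too
            props[key.strip()] = value.strip()
    return props

def escape_filter_value(value):
    """Escape a username for use inside an LDAP filter (RFC 4515, section 3)."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\0" else c for c in value)

def render_filter(template, username):
    """Fill the {0} placeholder the way the search filter expects, escaped."""
    return template.replace("{0}", escape_filter_value(username))

def lint_ldap_config(props):
    """Return the findings a reviewer would raise about these properties."""
    findings = []
    if props.get("security.ldap.enabled") != "true":
        findings.append("security.ldap.enabled is not true, so LDAP stays off")
    if urlsplit(props.get("security.ldap.context.url", "")).scheme == "ldap":
        findings.append("context.url is ldap://: the bind password crosses the "
                        "network in clear unless the server enforces StartTLS")
    for key in ("security.ldap.user_search_filter", "security.ldap.group_search_filter"):
        f = props.get(key, "")
        if "{0}" not in f:
            findings.append(key + " has no {0} placeholder for the username")
        elif not (f.startswith("(") and f.endswith(")")):
            findings.append(key + " is not a parenthesised RFC 4515 filter")
    return findings
```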