LDAP Support

[DonMartin76]

It would be nice to have LDAP support in the Authorization Server.

Requirements:

• Log in using username/password via LDAP validation
• Retrieve a default profile via LDAP (with customizable fields, just like ADFS or OAuth2 works)

Extras:

• Test integration in Kickstarter and review which fields the LDAP retrieves, to make the profile mapping easier

[kbhuvanamohan]

It would be good if we can have this option to leverage the existing LDAP entities. If you can list down how to approach this LDAP support for the wicked portal, it would be a good starting point to proceed on this. Thanks much in advance!

[DonMartin76]

This will land in 1.0.0-rc.8, but without the extras.

[DonMartin76]

@kbhuvanamohan @karthniknaga87 It's implemented on the next branch already. What you can do to test this is the following:

• Install the wicked-cli if you haven't already done that
• wicked tags set next
• Go to an empty directory
• wicked kickstart . --new
• Configure an LDAP auth method, enable it, and enable portal login for it

You will need the following information:

• LDAP URL (ldaps://...:636)
• An LDAP user and password, who is allowed to run search() on the LDAP
• Which LDAP attribute you want to use as a username; the preconfigured one is sAMAccountName, which is the typical Microsoft AD login
• This also has to match the filter in the settings

Then you should be good to go. Please ping back in case you run into something unexpected. Also ping back if it works for you, of course. It's obvious that the LDAP server has to be accessible from wicked's Authorization Server.

[kbhuvanamohan]

@miguelpoyatosmora @karthiknaga87 Please help to provide additional information if needed.