Multiple LDAP authorization services can be configured, in which case, when
doing HTTP Basic auth and Form login, each enabled LDAP service will be
probed for the authentication credentials in the order they appear in the
configuration, and the first successful authentication will be used.
If no georchestra.security.ldap.[name].enabled is true, the log-in page won't
even show the username/password form inputs, and HTTP Basic authentication won't be
enabled.
At application startup, the enabled configurations are validated. The application
will fail to start if there's a validation error.
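The probing behaviour described above, modelled as an added example (not geOrchestra's own code): enabled services are tried in configuration order and the first success is used. The flattened key=value form, the `activedir` service name, and the in-memory directories standing in for real LDAP binds are constructed assumptions; only the `georchestra.security.ldap.[name].enabled` key pattern comes from this page.

```python
import hmac
import re

# Constructed sample: flattened properties in configuration order. Only the
# georchestra.security.ldap.[name].enabled key pattern comes from the page.
SAMPLE_PROPS = """\
georchestra.security.ldap.default.enabled=true
georchestra.security.ldap.ldap2.enabled=false
georchestra.security.ldap.activedir.enabled=true
"""

# Constructed in-memory stand-ins for the directories (no real LDAP bind).
DIRECTORIES = {
    "default": {"alice": "alice-pw"},
    "ldap2": {"carol": "carol-pw"},
    "activedir": {"alice": "other-pw", "bob": "bob-pw"},
}

ENABLED_KEY = re.compile(r"^georchestra\.security\.ldap\.([^.]+)\.enabled$")


def enabled_services(props_text):
    """Return the enabled LDAP service names in configuration order."""
    names = []
    for line in props_text.splitlines():
        key, sep, value = line.partition("=")
        match = ENABLED_KEY.match(key.strip())
        if sep and match and value.strip().lower() == "true":
            names.append(match.group(1))
    return names


def login_form_enabled(props_text):
    """Form login and HTTP Basic are offered only if a service is enabled."""
    return bool(enabled_services(props_text))


def authenticate(props_text, username, password):
    """Probe each enabled service in order; return the first that accepts."""
    for name in enabled_services(props_text):
        stored = DIRECTORIES.get(name, {}).get(username)
        if stored is not None and hmac.compare_digest(stored, password):
            return name
    return None
```

In this model `alice` is accepted with either password, because a failed attempt against `default` falls through to `activedir`; when reviewing a configuration, treat every enabled directory as able to vouch for any username it contains.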
Each LDAP authentication provider can be one of:
- A standard LDAP provider, which provides basic authorization
  credentials in the form of a list of role names.
- An extended LDAP provider, as traditionally used by geOrchestra's
  internal OpenLDAP database, which enriches the authentication principal
  object with additional user identity properties.
- An Active Directory LDAP provider, which provides basic authorization
  credentials in the form of a list of role names.
Here's a sample configuration with three LDAP services. The ldap.default.* properties are embedded
and match the ones of the ldap.ldap2 sample config, so it just needs to be enabled in the <datadirectory>/gateway/security.yaml file.