quarkus.security.ldap.enabled=true
quarkus.security.ldap.realm-name=somename
quarkus.security.ldap.direct-verification=true
#Use a tool such as dsquery or adexplorer to find out how your DNs are organized
quarkus.security.ldap.dir-context.principal=CN=Some_account,OU=Services,OU=Accounts,OU=MainOffice,OU=Departments,DC=example,DC=com
#Choose ldap:// or ldaps:// and choose the port number based on normal or global catalog
quarkus.security.ldap.dir-context.url=ldap://activedirectoryserver.example.com:3268
quarkus.security.ldap.dir-context.password=Password for Some_account
#I only tested sAMAccountName, but userPrincipalName might also be a good choice
quarkus.security.ldap.identity-mapping.rdn-identifier=sAMAccountName
#The deepest OU shared by all employees
quarkus.security.ldap.identity-mapping.search-base-dn=OU=Departments,DC=example,DC=com
#map the common name from a filter to the 'groups' attribute
quarkus.security.ldap.identity-mapping.attribute-mappings."0".from=cn
quarkus.security.ldap.identity-mapping.attribute-mappings."0".to=groups
#This filter searches for all groups that have your dn as member.
#Most important is (member:1.2.840.113556.1.4.1941:={1})
# which returns all groups (recursively) that have the cn {1} as member
#As this might be extremely slow, we limit the filter to only the groups that are of interest for this application
quarkus.security.ldap.identity-mapping.attribute-mappings."0".filter=(&(|(CN=GROUP1)(CN=GROUP2)(CN=more groups as needed here))(member:1.2.840.113556.1.4.1941:={1}))
#The deepest OU shared by all security groups
quarkus.security.ldap.identity-mapping.attribute-mappings."0".filter-base-dn=OU=Departments,DC=example,DC=com
#Now you'll need a mechanism to map groups to roles, which does not exist in quarkus today.
#Check https://github.com/quarkusio/quarkus/issues/10264 for the correct syntax
quarkus.security.grouptorole.GROUP1=user
quarkus.security.grouptorole.GROUP2=user,admin
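
The filter and group-to-role mapping described in the comments above, as an added example that is not part of the original post or of Quarkus: it builds the AND-of-ORs filter with RFC 4515 escaping of group names, checks that the result is one balanced expression, and resolves roles from `quarkus.security.grouptorole.*` lines. That property syntax is the post's proposal and is assumed here; the function names and sample data are constructed.

```python
# Added example: function names and sample data are constructed for illustration.
MATCHING_RULE_IN_CHAIN = "1.2.840.113556.1.4.1941"  # AD recursive-membership rule

def escape_filter_value(value):
    """Escape a value for an LDAP search filter (RFC 4515 special characters)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_group_filter(group_cns, member="{1}"):
    """(& (| groups of interest) (recursive member match)); {1} is left for the LDAP layer."""
    ors = "".join("(CN=%s)" % escape_filter_value(cn) for cn in group_cns)
    return "(&(|%s)(member:%s:=%s))" % (ors, MATCHING_RULE_IN_CHAIN, member)

def is_single_balanced_filter(ldap_filter):
    """True if the text is exactly one parenthesised expression, fully closed."""
    depth = 0
    for i, ch in enumerate(ldap_filter):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0 or (depth == 0 and i != len(ldap_filter) - 1):
                return False
    return depth == 0 and ldap_filter.startswith("(")

def parse_group_to_role(properties_text, prefix="quarkus.security.grouptorole."):
    """Read GROUP=role,role lines (the post's proposed syntax, assumed here)."""
    mapping = {}
    for line in properties_text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key.startswith(prefix):
            roles = {r.strip() for r in value.split(",") if r.strip()}
            mapping[key[len(prefix):].upper()] = roles
    return mapping

def roles_for(group_cns, mapping):
    """Union of roles for the returned groups; unmapped groups grant nothing."""
    roles = set()
    for cn in group_cns:
        roles |= mapping.get(cn.upper(), set())  # CN matching in AD ignores case
    return roles

SAMPLE_PROPERTIES = """\
#constructed sample
quarkus.security.grouptorole.GROUP1=user
quarkus.security.grouptorole.GROUP2=user,admin
"""

if __name__ == "__main__":
    f = build_group_filter(["GROUP1", "GROUP2"])
    print(f, is_single_balanced_filter(f))
    print(sorted(roles_for(["group2", "OTHER"], parse_group_to_role(SAMPLE_PROPERTIES))))
```
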
If all these are fixed, you might want to document how to use Active Directory with the LDAP plug-in.
https://github.com/quarkusio/quarkus/issues/10110 - setRecursive
https://github.com/quarkusio/quarkus/issues/10258 - same ldap query multiple times
https://github.com/quarkusio/quarkus/issues/10259 - config can differ between dev and prod
https://github.com/quarkusio/quarkus/issues/10264 - group to role mapping
https://github.com/quarkusio/quarkus/issues/10267 - cache ldap results
Here is an example for application.properties: