Authentication with OpenLDAP

For configuration through environment variables, see that page.

The procedure described below can only be performed with an Administrator account.

Go to Administration > Ways of authentication.

On that page, select OpenLDAP as the way of authentication.

openldap_config_en.png

Then fill in the fields of the form:

  • Hostname: address of the server hosting the OpenLDAP service.
  • Port: port on which the OpenLDAP service listens.
  • Secured server: if this option is selected, ldaps will be used instead of ldap.
  • Root username: user DN used to sign in to the OpenLDAP server.
  • Root password: the password used to sign in to the OpenLDAP service.
  • User search root DN: the root node in OpenLDAP used to search for users. Example: cn=users,dc=example,dc=com.
  • Search filter: (optional) used to filter users during the search. Default: '(uid={{username}})', where username corresponds to the identified user.
  • OpenLDAP displayName attribute: user attribute used as the user displayName in Themis.
  • OpenLDAP mail attribute: user attribute used as the user mail in Themis.
  • Group search root DN: (optional) the root DN of the group that is allowed to sign in to Themis. If this parameter is left empty, all groups are allowed to sign in to Themis.
  • Group search filter: (optional) used to filter group members. Default: '(member={{dn}})'.
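The two filter fields are templates, so whatever replaces {{username}} or {{dn}} has to be escaped per RFC 4515 before it reaches the directory. The sketch below is an added example, not Themis code: it assumes plain placeholder substitution, and the function names, hostname and port are hypothetical sample values.

```python
# Added example, not Themis code: names and sample values are hypothetical.
import re

# RFC 4515: characters that must be written as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
_PLACEHOLDER = re.compile(r"\{\{\s*(\w+)\s*\}\}")


def escape_filter_value(value: str) -> str:
    """Escape one value so it cannot change the structure of the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def render_filter(template: str, **values: str) -> str:
    """Expand {{name}} placeholders, escaping every substituted value."""
    if template.count("(") != template.count(")"):
        raise ValueError("unbalanced parentheses in filter template")

    def substitute(match: re.Match) -> str:
        name = match.group(1)
        if name not in values:
            raise KeyError(f"no value supplied for placeholder {name!r}")
        return escape_filter_value(values[name])

    return _PLACEHOLDER.sub(substitute, template)


def ldap_url(hostname: str, port: int, secured: bool) -> str:
    """Mirror the 'Secured server' option: ldaps:// when selected, else ldap://."""
    return f"{'ldaps' if secured else 'ldap'}://{hostname}:{port}"


if __name__ == "__main__":
    user_filter = "(uid={{username}})"    # default from the form
    group_filter = "(member={{dn}})"      # default from the form
    print(ldap_url("ldap.example.com", 636, secured=True))
    print(render_filter(user_filter, username="jdoe"))
    # Constructed input with filter metacharacters: they stay inside the value.
    print(render_filter(user_filter, username="jdoe)(uid=*"))
    print(render_filter(group_filter, dn="uid=jdoe,cn=users,dc=example,dc=com"))
```

A custom filter entered in the form should keep the placeholder inside a single assertion, as the defaults do, so that the escaped value is always compared as data.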

Once this information has been entered, click Save. That action will log you out.

!! You have to restart Themis (via Docker -> docker-compose up -d) for the change to take effect. !!

Signing in to Themis will then go through your OpenLDAP server:

openldap_login.png

If, for example, a user with the login jdoe already exists in Themis (identified by login) and that user signs in with an OpenLDAP account that has the same login (jdoe), they arrive directly on their existing account.

If, instead, a person signs in with OpenLDAP but does not yet have a saved account in Themis, a form appears allowing them to complete their account in Themis:

openldap_create_account.png
