wiki/server/modules/authentication/ldap/definition.yml

key: ldap
title: LDAP / Active Directory
description: Active Directory is a directory service that Microsoft developed for the Windows domain networks.
author: requarks.io
logo: https://static.requarks.io/logo/active-directory.svg
color: blue darken-3
website: https://www.microsoft.com/windowsserver
isAvailable: true
useForm: true
usernameType: username
props:
  url:
    title: LDAP URL
    type: String
    default: 'ldap://serverhost:389'
    hint: (e.g. ldap://serverhost:389 or ldaps://serverhost:636)
    order: 1
  bindDn:
    title: Admin Bind DN
    type: String
    default: cn='root'
    hint: The distinguished name (dn) of the account used for binding.
    maxWidth: 600
    order: 2
  bindCredentials:
    title: Admin Bind Credentials
    type: String
    hint: The password of the account used above for binding.
    maxWidth: 600
    order: 3
  searchBase:
    title: Search Base
    type: String
    default: 'o=users,o=example.com'
    hint: The base DN from which to search for users.
    order: 4
  searchFilter:
    title: Search Filter
    type: String
    default: '(uid={{username}})'
    hint: The query to use to match username. {{username}} must be present and will be interpolated with the user provided username when performing the LDAP search.
    order: 5
  tlsEnabled:
    title: Use TLS
    type: Boolean
    default: false
    order: 6
  verifyTLSCertificate:
    title: Verify TLS Certificate
    type: Boolean
    default: true
    order: 7
  tlsCertPath:
    title: TLS Certificate Path
    type: String
    hint: Absolute path to the TLS certificate on the server.
    order: 8
  mappingUID:
    title: Unique ID Field Mapping
    type: String
    default: 'uid'
    hint: The field storing the user unique identifier. Usually "uid" or "sAMAccountName".
    maxWidth: 500
    order: 20
  mappingEmail:
    title: Email Field Mapping
    type: String
    default: 'mail'
    hint: The field storing the user email. Usually "mail".
    maxWidth: 500
    order: 21
  mappingDisplayName:
    title: Display Name Field Mapping
    type: String
    default: 'displayName'
    hint: The field storing the user display name. Usually "displayName" or "cn".
    maxWidth: 500
    order: 22
  mappingPicture:
    title: Avatar Picture Field Mapping
    type: String
    default: 'jpegPhoto'
    hint: The field storing the user avatar picture. Usually "jpegPhoto" or "thumbnailPhoto".
    maxWidth: 500
    order: 23
  mapGroups:
    type: Boolean
    title: Map Groups
    hint: Map groups matching names from the users LDAP/Active Directory groups. Group Search Base must also be defined for this to work. Note this will remove any groups the user has that doesn't match an LDAP/Active Directory group.
    default: false
    order: 24
  groupSearchBase:
    type: String
    title: Group Search Base
    hint: The base DN from which to search for groups.
    default: OU=groups,dc=example,dc=com
    order: 25
  groupSearchFilter:
    type: String
    title: Group Search Filter
    hint: LDAP search filter for groups. (member={{dn}}) will use the distinguished name of the user and will work in most cases.
    default: (member={{dn}})
    order: 26
  groupSearchScope:
    type: String
    title: Group Search Scope
    hint: How far from the Group Search Base to search for groups. sub (default) will search the entire subtree. base, will only search the Group Search Base dn. one, will search the Group Search Base dn and one additional level.
    default: sub
    order: 27
  groupDnProperty:
    type: String
    title: Group DN Property
    hint: The property of user object to use in {{dn}} interpolation of Group Search Filter.
    default: dn
    order: 28
  groupNameField:
    type: String
    title: Group Name Field
    hint: The field that contains the name of the LDAP group to match on, usually "name" or "cn".
    default: name
    order: 29