About

The LdapModule provides services for connecting to LDAP directories. It provides a domain model for configuring LDAP connections and integrating them with an authentication layer. If UserModule is also present, support for synchronizing users and groups from LDAP is also active.

1. General information

1.1. Artifact

<dependencies>
    <dependency>
        <groupId>com.foreach.across.modules</groupId>
        <artifactId>ldap-module</artifactId>
        <version>1.0.0.RELEASE</version>
    </dependency>
</dependencies>

1.2. Module dependencies

Module                    Type      Description
AcrossWebModule           required
AcrossHibernateJpaModule  required  Required for persisting the domain model.
AdminWebModule            optional  Enables the administration user interface for the LDAP entities (if EntityModule is also enabled).
EntityModule              optional  Enables the administration user interface for the LDAP entities (if AdminWebModule is also enabled).
UserModule                optional  Activates support for synchronizing users and groups from LDAP.

1.3. Module settings

All properties start with the ldapModule. prefix.

Property                                         Type     Default          Description
ldapModule.disableSynchronizationTask            Boolean  false            Set to true to disable the LDAP synchronization task for all user directories.
ldapModule.synchronizationTaskIntervalInSeconds  Long     300 (5 minutes)  Interval between runs of the synchronization task, in seconds.

2. What’s new in this version?

1.0.0.RELEASE

Initial public release available on Maven central.

3. Configuration

Adding the LdapModule dependency automatically registers a synchronization task that runs every 5 minutes (see ldapModule.synchronizationTaskIntervalInSeconds). The task will not run until an LdapConnector and an LdapUserDirectory have been created.

3.1. Configuration via AdminWebModule

The configuration of an LdapConnector and LdapUserDirectory is most easily done through the AdminWebModule. After logging into the AdminWebModule, create a new LdapConnector via the navigation.

Currently, the LdapModule supports the following LDAP directories:

3.1.1. LdapConnector fields

Field, description and default (where applicable):

Name
    A logical name for your connector.

Host name
    The hostname or IP address of your LDAP server (for example your Active Directory server).

Port
    The port on which the LDAP server listens.

Ldap connector type
    The directory implementation the connector talks to (for example Microsoft Active Directory).

Read timeout
    Currently unused.

Search timeout
    How long an LDAP query may run before it is aborted, in milliseconds. Default: 0 (unlimited).

Connection timeout
    Currently unused. Intended as how long the socket waits while attempting to establish a connection before aborting, in milliseconds.

Username
    The username used to bind to the directory. For Microsoft Active Directory, no domain prefix is needed; use the "cn" of the bind user, for example "David Croft".

Password
    The password used to bind to the directory.

Base dn
    The base of the subtree where searches start. For example: dc=organisation,dc=com

Additional user dn
    Currently unused. Intended as the subtree in which to look for users.

Additional group dn
    Currently unused. Intended as the subtree in which to look for groups.

Note
  • When using Microsoft Active Directory, use port 389 instead of 3268 (Global Catalog). This is because the Global Catalog is read-only.
  • Port 389 is plain LDAP, so a simple bind sends the bind password unencrypted unless the connection is otherwise protected. The bind credentials are persisted with the connector, so use a dedicated, least-privileged account that only has read access to the users and groups being synchronized, not an administrator account.
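As an added example (not code from LdapModule or the Across project), the following Python script turns the field rules above into a pre-flight check that can be run before saving a connector: it rejects the Global Catalog ports for Active Directory, flags bind usernames given as DOMAIN\user, UPN or DN instead of a bare "cn", warns about sub-second search timeouts (the field is in milliseconds), refuses an empty bind password, and parses the base DN into its RDNs. The LdapConnectorConfig class, the list of connector types and the port and timeout thresholds are assumptions made for this example; only the field names and the AD "cn" rule come from the page.

```python
"""Pre-flight validation of LdapConnector field values (added example, not LdapModule code)."""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Assumed connector types for this example; the page does not list the supported ones.
CONNECTOR_TYPES = {"ACTIVE_DIRECTORY", "OPENLDAP"}
# 3268/3269 are the Active Directory Global Catalog ports, which are read-only.
GLOBAL_CATALOG_PORTS = {3268, 3269}


@dataclass
class LdapConnectorConfig:
    """Mirror of the LdapConnector fields described above (assumed shape)."""
    name: str
    host_name: str
    port: int
    connector_type: str
    username: str
    password: str
    base_dn: str
    search_timeout_ms: int = 0  # 0 = unlimited, as in the field table


def parse_dn(dn: str) -> List[Tuple[str, str]]:
    """Split a DN such as 'dc=organisation,dc=com' into (attribute, value) pairs.

    Handles backslash-escaped commas (RFC 4514); hex and quoted escapes are not
    decoded, the escaped text is kept as-is. Raises ValueError on malformed input.
    """
    rdns = []
    for rdn in re.split(r'(?<!\\),', dn):
        rdn = rdn.strip()
        if "=" not in rdn:
            raise ValueError(f"RDN without '=': {rdn!r}")
        attr, value = rdn.split("=", 1)
        attr, value = attr.strip(), value.strip()
        if not re.fullmatch(r"[A-Za-z][A-Za-z0-9-]*", attr) or not value:
            raise ValueError(f"malformed RDN: {rdn!r}")
        rdns.append((attr.lower(), value))
    return rdns


def validate_connector(cfg: LdapConnectorConfig) -> List[str]:
    """Return a list of problems; an empty list means the connector looks sane."""
    problems = []
    if not cfg.name.strip():
        problems.append("name: a logical name is required")
    if not cfg.host_name.strip():
        problems.append("host name: a hostname or IP address is required")
    if not 1 <= cfg.port <= 65535:
        problems.append(f"port: {cfg.port} is not a valid TCP port")
    elif cfg.connector_type == "ACTIVE_DIRECTORY" and cfg.port in GLOBAL_CATALOG_PORTS:
        problems.append(f"port: {cfg.port} is the read-only Global Catalog; use 389 instead")
    if cfg.connector_type not in CONNECTOR_TYPES:
        problems.append(f"ldap connector type: unknown type {cfg.connector_type!r}")
    # For AD the page asks for the bare cn ("David Croft"), not DOMAIN\user, user@domain or a DN.
    if cfg.connector_type == "ACTIVE_DIRECTORY" and re.search(r"[@\\=]", cfg.username):
        problems.append('username: give the bind user\'s "cn" (e.g. "David Croft"), '
                        "not DOMAIN\\user, user@domain or a DN")
    if not cfg.password:
        problems.append("password: an empty password would attempt an anonymous or unauthenticated bind")
    if cfg.search_timeout_ms < 0:
        problems.append("search timeout: use 0 (unlimited) or a positive number of milliseconds")
    elif 0 < cfg.search_timeout_ms < 1000:
        problems.append(f"search timeout: {cfg.search_timeout_ms} ms is under a second; "
                        "the value is in milliseconds, not seconds")
    try:
        parse_dn(cfg.base_dn)
    except ValueError as exc:
        problems.append(f"base dn: {exc}")
    return problems


if __name__ == "__main__":
    # Constructed sample configurations for illustration.
    ok = LdapConnectorConfig("corp-ad", "ad.example.org", 389, "ACTIVE_DIRECTORY",
                             "David Croft", "s3cret", "dc=organisation,dc=com", 30000)
    bad = LdapConnectorConfig("corp-ad", "ad.example.org", 3268, "ACTIVE_DIRECTORY",
                              "CORP\\David Croft", "", "organisation", 30)
    for label, cfg in (("ok", ok), ("bad", bad)):
        print(label, validate_connector(cfg) or "no problems")
```

The checks only inspect the values; they do not open a connection, so they can run anywhere the configuration is reviewed. Once they pass, the remaining verification is a real bind and a search under the base DN with the configured account, which shows whether the account's read permissions are sufficient.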

After creating an LdapConnector you can create an LdapUserDirectory and link this LdapConnector to it.

3.1.2. LdapUserDirectory fields

Field, description and default (where applicable):

Ldap connector
    The LdapConnector this user directory is linked to.

Name
    A logical name for your user directory.

Order
    The position of this directory in the ordered list of UserDirectoryServiceProviders.

Active
    Whether the user directory is active; synchronization is only executed for active directories. Default: false.