
Login LDAP/LAD

Integration model

Authentication

Anjana Data interacts with the identity manager via the LDAP protocol, through which it validates the credentials provided by the user.

The functionality is directly embedded in the Zeus authentication management microservice; it is enabled and configured via the configuration file of said microservice.


LDAP authentication mechanism implemented

Authentication configuration

The various authentication providers used are configured in the security.authentication property.

In the case of LDAP, the following properties must be configured:

YAML
security:
  authentication:
    ldap:
      # Authentication type for the login (can be USER_PASSWORD, USER_PASSWORD_ENC or USER_CONNECTION)
      user-authentication: XXX
      # LDAP URL and port
      url: ldap://ldapservice:10389
      # Base DN of the schema
      base-dn: dc=anjanadata,dc=org
      # Object class of the user entries
      user-structural-class: person
      # Attribute that holds the user's username
      user-search-attribute: cn
      # Filter to use at login (only needed when user-authentication is USER_PASSWORD_ENC)
      user-search-filter: (cn={0})



The following properties are optional:

YAML
security:
  authentication:
    ldap:
      # Administrative user used to run queries against the LDAP
      connection-user-dn: uid=admin,ou=system
      # Password of the administrative user
      connection-user-password: XXX
      # Attribute that holds the employee number or identifier
      employee-search-attribute: employeeNumber
      # Attribute that holds the employee's first name
      name-search-attribute: givenName
      # Attribute that holds the employee's surname
      surname-search-attribute: sn
      # Attribute that holds the employee's title
      title-search-attribute: title
      # Attribute that holds the employee's telephone number
      phone-search-attribute: telephoneNumber


Active governance

In general, Anjana Data DSAs will be represented as groups and the signatories of those DSAs will be members of those groups. The Tot plugins assign permissions in the technologies connected to said LDAP by mapping those permissions directly against these groups that represent the DSAs.

Required credentials

Authentication

A credential that allows the following is required:

  • Perform user credential validation (bind)

  • Retrieve user information
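
A lint for the `security.authentication.ldap` block, checked against the two capabilities listed above. It is an added example, not Anjana Data code; the `ldaps://` URL, port 10636 and the `zeus-reader` account are constructed, and whether Zeus accepts `ldaps://` is an assumption to confirm for your deployment.

```python
from urllib.parse import urlsplit

AUTH_TYPES = {"USER_PASSWORD", "USER_PASSWORD_ENC", "USER_CONNECTION"}  # listed on the page

# Constructed sample: the page's example values with a concrete authentication type.
AS_DOCUMENTED = """\
security:
  authentication:
    ldap:
      user-authentication: USER_PASSWORD_ENC
      url: ldap://ldapservice:10389
      user-search-filter: (cn={0})
      connection-user-dn: uid=admin,ou=system
"""
# Constructed counterpart. Assumptions: Zeus accepts ldaps://, the directory listens
# on 10636, and a read-only account named zeus-reader exists (all hypothetical).
HARDENED = AS_DOCUMENTED.replace("ldap://ldapservice:10389", "ldaps://ldapservice:10636") \
    .replace("uid=admin,ou=system", "uid=zeus-reader,ou=services,dc=anjanadata,dc=org")

def leaf_settings(text):
    """Collect 'key: value' leaves; enough for this flat block, not a YAML parser."""
    settings = {}
    for raw in text.splitlines():
        key, _, value = raw.strip().partition(":")
        if value.strip() and not key.startswith("#"):
            settings[key.strip()] = value.strip()
    return settings

def audit(text):
    """Return the property names that need attention, in a fixed order."""
    cfg, flagged = leaf_settings(text), []
    mode = cfg.get("user-authentication")
    if mode not in AUTH_TYPES:  # typo, or a placeholder such as XXX left in place
        flagged.append("user-authentication")
    # ldap:// carries simple-bind passwords unencrypted unless StartTLS is negotiated.
    if urlsplit(cfg.get("url", "")).scheme.lower() != "ldaps":
        flagged.append("url")
    # The filter matters for USER_PASSWORD_ENC; without {0} it ignores the login name.
    filt = cfg.get("user-search-filter", "")
    if mode == "USER_PASSWORD_ENC" and ("{0}" not in filt or filt.count("(") != filt.count(")")):
        flagged.append("user-search-filter")
    # Only bind validation and user lookup are required, so an account whose first
    # RDN names an administrator is broader than needed (naming heuristic only).
    rdn_value = cfg.get("connection-user-dn", "").split(",")[0].partition("=")[2].lower()
    if rdn_value in {"admin", "administrator", "root", "manager"}:
        flagged.append("connection-user-dn")
    return flagged

if __name__ == "__main__":
    for name, text in (("as documented", AS_DOCUMENTED), ("hardened", HARDENED)):
        print(name, "->", audit(text) or "no findings")
```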


LDAP authentication mechanism implemented


Active governance

The required credential is documented in the “Tot plugin LDAP” plugin.