Radiator Server Documentation — v10.33.1
Table of Contents
authentication
Configures how Radiator authenticates (binds) to the LDAP server. This block is placed inside a server block. If omitted, Radiator connects anonymously.
Two mutually exclusive authentication modes are supported:
Simple bind (dn / password)
Authenticates with a distinguished name and password. This is the most common mode.
| Parameter | Required | Description |
|---|---|---|
dn | Yes | Distinguished name to bind as. Accepts a literal string or environment variable reference. |
password | Yes | Bind password. Accepts a literal string or environment variable reference. |
server "ldap.example.com" {
url "ldap://ldap.example.com:389/";
authentication {
dn "cn=read-only-admin,dc=example,dc=com";
password "password";
}
}
Credentials can be sourced from environment variables:
authentication {
dn env.LDAP_BIND_DN;
password env.LDAP_BIND_PW;
}
SASL External
Authenticates using the TLS client certificate presented during the TLS handshake (SASL EXTERNAL mechanism). Requires a tls block with a client certificate on the same server.
server "ldaps.example.com" {
url "ldaps://ldaps.example.com:636/";
tls {
certificate "ldap-client.cert";
certificate_key "ldap-client.key";
server_ca_certificate "ldap-ca.cert";
}
authentication {
external;
}
}
Table of Contents
Navigation