Documentation

ldap

The ldap backend allows Radiator to authenticate and authorize users against an LDAP directory.

Example configuration of an LDAP backend:

# LDAP backend named "ldap.forumsys.com": holds the server definition(s) and the
# named LDAP operations (here one search, "user_groups") run against them.
ldap "ldap.forumsys.com" {
    # LDAP server
    server "ldap.forumsys.com" {
        # LDAP URL
        # NOTE(review): ldap:// on port 389 is plaintext LDAP unless the connection
        # is protected by TLS. With the tls block below left commented out, bind
        # DNs, passwords and search results would cross the network unencrypted.
        # Confirm how this backend enables TLS (the tls block, or an ldaps:// URL
        # if supported) before using bind authentication outside a lab.
        url "ldap://ldap.forumsys.com:389/";

        # Operation timeout (supports duration units like 3s, 5m, 1h)
        timeout 3s;

        # How many sockets/connections at maximum to open
        #connections 10;

        # (Optional) Authentication
        # Presumably the bind identity for connections to this server - confirm.
        # Any password placed here is a service credential: restrict read access
        # to the configuration file accordingly.
        authentication {...}

        # (Optional) TLS client configuration
        # NOTE(review): when enabling this, verify that server certificate
        # validation is active - the options are not shown in this example.
        #tls {...}
    }

    # A single backend can have multiple LDAP servers configured
    #server "ldap2" {
    #   ...
    #}

    # (Optional) Per search/operation authentication
    # The example below binds as the user being authenticated: the DN is built
    # from the request identity and the password is the value the user supplied.
    # NOTE(review): aaa.identity is user-controlled; confirm that the template
    # escapes DN special characters (RFC 4514) when it is inserted into dn.
    # NOTE(review): many directories treat a bind with a DN and an empty password
    # as an unauthenticated bind that succeeds (RFC 4513, section 5.1.2); confirm
    # that an empty auth.response is rejected before the bind is attempted.
    #authentication {
    #    # Basic bind authentication
    #    # Both dn and password parameter support %{...} attribute templates
    #    dn "uid=%{aaa.identity},dc=example,dc=com";
    #    password "%{auth.response}";
    #}

    # LDAP operations

    # LDAP search operation named "user_groups"
    # Finds groupOfUniqueNames entries anywhere under the base (scope sub) whose
    # uniqueMember value is the user's DN, built from the request identity.
    search "user_groups" {
        base "dc=example,dc=com";
        scope sub;
        # NOTE(review): aaa.identity is user-controlled and is interpolated into
        # the filter. Confirm that the template escapes filter metacharacters
        # ( * ( ) \ and NUL, RFC 4515); otherwise a crafted identity could change
        # which entries match and therefore which groups are assigned.
        filter "(&(objectClass=groupOfUniqueNames)(uniqueMember=uid=%{aaa.identity},dc=example,dc=com))";

        # Result values mapping
        mapping {
            # the entry DN
            vars.dn = entry::dn;
            # Attributes
            user.username = uid;
            # "+=" presumably appends, so each matching group entry adds its ou
            # value to user.group - confirm against the mapping reference.
            user.group += ou;
        }
    }
}