...
Note that Syndeia Cloud 3.3/3.4 does not yet support LDAP groups; we are working on adding this feature.
2. Pre-Requisites
Syndeia Cloud 3.3.0+SP1 or later, or 3.4: these builds carry the newer LDAP provider that added support for MS AD LDAP. The Syndeia Cloud 3.2 public release did not support LDAP.
Syndeia Java Client (MD/RH plugin or Standalone) v3.3.0 or later: you can verify the version in the title bar when the Dashboard is open or, for MD, in the version column of the plugin list.
...
Edit the Web-Gateway µ-service's /conf/silhouette.conf file and scroll to the LDAP provider section, shown below.

```hocon
# LDAP provider
# The values for hostname, baseDN and adminUserDN are placeholder values.
# Please provide actual values, and the value for adminPassword, before using an LDAP provider.
ldap.hostname="ldapserver.mycompany.com"
# ldap.port=389|636(TLS)|<custom>
ldap.port=389
ldap.baseDN="dc=mycompany,dc=com"
ldap.adminUserDN="cn=admin,dc=mycompany,dc=com"
ldap.adminPassword=""
ldap.userBindAttribute="uid"
ldap.mailAttribute="userPrincipalName"
# [optional]: For SSL/TLS + certificate-based LDAPS
# ldap.startTLS=false|true
ldap.startTLS=false
ldap.truststorePath="",
ldap.truststorePassword="",
ldap.trustStoreType = "",
# ldap.trustAllCertificates=true|false
ldap.trustAllCertificates=true
```
Specify values for the first group of settings, ldap.hostname through ldap.mailAttribute; these are the minimum required parameters:

ldap.hostname: FQDN of the LDAP server.
ldap.port: port of the LDAP server, usually 389 (cleartext or StartTLS) or 636 (LDAPS).
ldap.baseDN: base Distinguished Name (DN) from which searches are performed.
ldap.adminUserDN: DN of the admin (service) user the gateway binds as in order to search for other users.
ldap.adminPassword: password for that admin user.

ldap.adminUserDN and ldap.adminPassword are normally required for making the initial connection to the LDAP server before the user is verified. In some (public) organizations where the LDAP server does not require credentials, these two fields may be left empty. Where they are set, prefer a dedicated read-only service account over a directory administrator, and restrict read access to silhouette.conf, since the password is stored in it in plain text.

ldap.userBindAttribute: the attribute that holds the username, usually "uid" for OpenLDAP-style directories; MS AD accounts are normally looked up by "sAMAccountName" or "userPrincipalName".
ldap.mailAttribute: the attribute that contains an RFC 822 (email-syntax) user identifier: "userPrincipalName" in MS AD, "mail" (the inetOrgPerson attribute) in OpenLDAP.

The remaining settings control transport security. With ldap.port=389 and ldap.startTLS=false, the admin bind password and every authenticating user's password cross the network unencrypted; for production, use LDAPS (port 636) or set ldap.startTLS=true. The placeholder ldap.trustAllCertificates=true disables validation of the server certificate, so anyone on the network path can impersonate the LDAP server and collect credentials; set it to false and point ldap.truststorePath, ldap.truststorePassword and ldap.trustStoreType at a truststore containing the directory's CA certificate.
Save the changes
Restart the web-gateway service.
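Before restarting, it is worth checking the section for the mistakes the placeholder block invites. The script below is an added example and is not part of the Syndeia documentation or product: it parses the ldap.* key=value lines and reports cleartext transport, disabled certificate validation, an empty bind password and leftover placeholders, then runs against both the page's placeholder block and a hardened variant. The hardened values (hostname, bind DN, truststore path and the "PKCS12" type) are assumptions chosen for illustration, and the rule that port 636 means LDAPS follows the page's own "636(TLS)" comment.

```python
"""Pre-flight lint for the LDAP provider section of silhouette.conf.

Added example; not part of the Syndeia documentation or product. It parses the
ldap.* key=value lines and reports settings that expose credentials or disable
certificate validation, so they can be fixed before the web-gateway restarts.
"""
import re

# Constructed input: the placeholder block from the page (comments abbreviated).
PLACEHOLDER_CONF = '''
# LDAP provider
ldap.hostname="ldapserver.mycompany.com"
# ldap.port=389|636(TLS)|<custom>
ldap.port=389
ldap.baseDN="dc=mycompany,dc=com"
ldap.adminUserDN="cn=admin,dc=mycompany,dc=com"
ldap.adminPassword=""
ldap.userBindAttribute="uid"
ldap.mailAttribute="userPrincipalName"
ldap.startTLS=false
ldap.truststorePath="",
ldap.truststorePassword="",
ldap.trustStoreType = "",
ldap.trustAllCertificates=true
'''

# Constructed input: the same section as it might be filled in for production.
# Hostname, bind DN, truststore path and the "PKCS12" type are assumptions.
HARDENED_CONF = '''
ldap.hostname="ldap.example.org"
ldap.port=636
ldap.baseDN="dc=example,dc=org"
ldap.adminUserDN="cn=syndeia-bind,ou=service,dc=example,dc=org"
ldap.adminPassword="replace-with-the-service-account-password"
ldap.userBindAttribute="sAMAccountName"
ldap.mailAttribute="userPrincipalName"
ldap.startTLS=false
ldap.truststorePath="/opt/syndeia/conf/ldap-ca.p12"
ldap.truststorePassword="changeit"
ldap.trustStoreType="PKCS12"
ldap.trustAllCertificates=false
'''

# key = value, with optional spaces and an optional trailing comma (HOCON allows
# commas as field separators, and the page's block has them on three lines).
LINE = re.compile(r'^\s*(ldap\.[A-Za-z]+)\s*=\s*(.*?)\s*,?\s*$')


def parse_ldap_section(text):
    """Return {key: value} for the ldap.* lines; comments and blanks are skipped
    and surrounding double quotes are removed from values."""
    settings = {}
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith('#'):
            continue
        m = LINE.match(raw)
        if m:
            settings[m.group(1)] = m.group(2).strip('"')
    return settings


def lint_ldap_section(settings):
    """Return a list of findings; an empty list means nothing was flagged."""
    get = lambda key: settings.get(key, '')
    truthy = lambda key: get(key).lower() == 'true'
    findings = []

    # The page's own comment reads "636(TLS)", so 636 is taken to mean LDAPS;
    # StartTLS upgrades a 389 connection. Anything else is cleartext.
    encrypted = get('ldap.port') == '636' or truthy('ldap.startTLS')
    if not encrypted:
        findings.append('cleartext transport: port %s with startTLS=false sends '
                        'the admin bind password and user passwords unencrypted'
                        % (get('ldap.port') or '<unset>'))
    if truthy('ldap.trustAllCertificates'):
        findings.append('trustAllCertificates=true disables server certificate '
                        'validation, so a man-in-the-middle can impersonate the '
                        'directory and harvest credentials')
    elif encrypted and not get('ldap.truststorePath'):
        findings.append('TLS with certificate validation but no truststorePath; '
                        'the gateway has nothing to validate the server against')
    if get('ldap.adminUserDN') and not get('ldap.adminPassword'):
        findings.append('adminUserDN is set but adminPassword is empty')
    if 'mycompany' in get('ldap.hostname') or 'mycompany' in get('ldap.baseDN'):
        findings.append('placeholder hostname/baseDN still present')
    # Heuristic: uid is an OpenLDAP-style login attribute, while AD accounts
    # are normally looked up by sAMAccountName or userPrincipalName.
    if get('ldap.userBindAttribute') == 'uid' and \
            get('ldap.mailAttribute') == 'userPrincipalName':
        findings.append('userBindAttribute=uid with an AD mail attribute; AD '
                        'normally needs sAMAccountName or userPrincipalName')
    return findings


if __name__ == '__main__':
    for name, conf in (('placeholder', PLACEHOLDER_CONF),
                       ('hardened', HARDENED_CONF)):
        print(name)
        for finding in lint_ldap_section(parse_ldap_section(conf)) or ['no findings']:
            print('  -', finding)
```

To check a real deployment, pass the contents of the gateway's silhouette.conf to parse_ldap_section and lint the result; the placeholder block produces five findings, the hardened block none. The lint only reads the file, so it can run from a configuration-management step or a CI job that owns the gateway's config.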
At this point, when a user authenticates via LDAP from the Syndeia client, an account should be created automatically with the default user read-level permissions, i.e. the user can open a project and read information but cannot create new connections, repositories, or projects.
If the user requires more permissions, use the User Management feature in the Web Admin Portal to change this.