Configuring The LDAP Identity Provider

The LDAP Identity Provider is used to define how users are retrieved from the LDAP server.

It can be found in the management console under the Apache Jackrabbit Oak LDAP Identity Provider name.

The following configuration options are available for the LDAP Identity Provider:

LDAP Provider Name: Name of this LDAP provider configuration.
LDAP Server Hostname: Hostname of the LDAP server.
LDAP Server Port: Port of the LDAP server.
Use SSL: Indicates if an SSL (LDAPs) connection should be used.
Use TLS: Indicates if TLS should be started on connections.
Disable certificate checking: Indicates if server certificate validation should be disabled.
Bind DN: DN of the user for authentication. If this field is left empty, an anonymous bind is performed.
Bind Password: Password of the user for authentication.
Search timeout: Time until a search times out.
Admin pool max active: The maximum active size of the admin connection pool.
User pool max active: The maximum active size of the user connection pool.
User base DN: The DN for user searches.
User object classes: The list of object classes that a user entry must contain.
User id attribute: Name of the attribute that contains the user id.
User extra filter: Extra LDAP filter to use when searching for users. The final filter is formatted like: '(&(<idAttr>=<userId>)(objectclass=<objectclass>)<extraFilter>)' (user.extraFilter)
User DN paths: Controls if the DN should be used for calculating a portion of the intermediate path.
Group base DN: The base DN for group searches.
Group object classes: The list of object classes a group entry must contain.
Group name attribute: Name of the attribute that contains the group name.
Group extra filter: Extra LDAP filter to use when searching for groups. The final filter is formatted like: '(&(<nameAttr>=<groupName>)(objectclass=<objectclass>)<extraFilter>)'
Group DN paths: Controls if the DN should be used for calculating a portion of the intermediate path.
Group member attribute: Group attribute that contains one or more members of a group.
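
The filter shape given for the user and group extra filter options, as an added example (not code from the original page or from Oak): it composes the final filter, escapes the looked-up id per RFC 4515, and rejects an extra filter that is not made of complete parenthesised components. The function names, the sample values, and the choice of one clause per object class are assumptions.

```python
# Added example: builds '(&(<attr>=<value>)(objectclass=<oc>)<extraFilter>)'.
# All names and sample values here are constructed for illustration.

# RFC 4515: characters that must be escaped inside a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a value so it cannot change the structure of the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def check_extra_filter(extra: str) -> str:
    """Return the extra filter if it is empty or a run of complete
    parenthesised components; it is appended as-is, so anything else
    would unbalance the enclosing '(&...)'."""
    extra = extra.strip()
    depth = 0
    for ch in extra:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                raise ValueError("unbalanced ')' in extra filter")
        elif depth == 0:
            raise ValueError("extra filter text outside parentheses")
    if depth != 0:
        raise ValueError("unclosed '(' in extra filter")
    return extra


def build_filter(attr, value, object_classes, extra_filter=""):
    """Compose the final search filter for a user id or group name."""
    parts = [f"({attr}={escape_filter_value(value)})"]
    # Assumption: each configured object class becomes its own clause.
    parts += [f"(objectclass={escape_filter_value(oc)})" for oc in object_classes]
    return "(&" + "".join(parts) + check_extra_filter(extra_filter) + ")"


if __name__ == "__main__":
    # Constructed sample: restrict user lookups with an extra filter.
    print(build_filter("uid", "jdoe", ["person"], "(!(loginDisabled=TRUE))"))
    # Constructed sample: metacharacters in the id are escaped, not interpreted.
    print(build_filter("uid", "j*doe (ops)", ["person"]))
```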