LDAP Configuration

JFrog Platform Administration Documentation


To configure LDAP authentication, in the Administration module go to Authentication | LDAP and click New LDAP Settings.


The following table describes the configuration parameters for LDAP connection settings.

LDAP Connection Setting

Description

Enabled

When set, these settings are enabled.

Settings Name

The unique ID of the LDAP setting.

LDAP URL

Location of the LDAP server in the following format: ldap://myserver:myport/dc=sampledomain,dc=com.

The URL should include the base DN used to search for and/or authenticate users.

Auto Create System Users

When set, the system will automatically create new users for those who have logged in using LDAP, and assign them to the default groups.

Allow Created Users Access To Profile Page

When set, users created after logging in using LDAP will be able to access their profile page.

Used Page Results

When set, supports paging results for the LDAP server. This feature requires that the LDAP Server supports a PagedResultsControl configuration.

User DN Pattern

A DN pattern used to log users in directly to the LDAP database. This pattern is used to create a DN string for "direct" user authentication, and is relative to the base DN in the LDAP URL.

The pattern argument {0} is replaced with the username at runtime. This only works if anonymous binding is allowed and a direct user DN can be used (which is not the default case for Active Directory).

For example:

uid={0},ou=People

Email Attribute

An attribute that can be used to map a user's email to a user created automatically by the system.

Search Filter

A filter expression used to search for the user DN that is used in LDAP authentication.

This is an LDAP search filter (as defined in 'RFC 2254') with optional arguments. In this case, the username is the only argument, denoted by '{0}'.

Possible examples are:

(uid={0}) - this would search for a username match on the uid attribute.

If the search is successful, authentication using LDAP is performed from the DN found.

Search Base

The context name in which to search, relative to the base DN in the LDAP URL. Multiple search bases may be specified, separated by a pipe ( | ). This parameter is optional.

Secure LDAP Search

Protects against LDAP poisoning by filtering out users exposed to vulnerabilities.

Search Sub Tree

When set, enables deep search through the sub-tree of the LDAP URL + Search Base. True by default.

Manager DN

The full DN of a user with permissions that allow querying the LDAP server. When working with LDAP Groups, the user should have permissions for any extra group attributes such as memberOf.

Manager Password

The password of the user binding to the LDAP server when using "search" authentication.

Test LDAP Connection

Run an LDAP test to validate that your settings are correct.
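
An added illustration, not JFrog's code: how the LDAP URL, User DN Pattern, Search Filter and Search Base settings described above combine into a bind DN and search requests, with the username escaped (RFC 4514 for DN values, RFC 4515, which obsoletes RFC 2254, for filters) before it replaces {0}. The function names, port 389 and the sample usernames are assumptions made for this example.

```python
from urllib.parse import urlsplit, unquote

def escape_filter_value(value: str) -> str:
    """RFC 4515: hex-escape the characters that have meaning inside a filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def escape_dn_value(value: str) -> str:
    """RFC 4514: escape characters that would end or extend an RDN value."""
    out = "".join("\\" + c if c in '"+,;<>\\' else c for c in value)
    out = out.replace("\x00", "\\00")
    if value[:1] in (" ", "#"):
        out = "\\" + out
    if len(value) > 1 and value.endswith(" "):
        out = out[:-1] + "\\ "
    return out

def base_dn(ldap_url: str) -> str:
    """The base DN is the path part of ldap://host:port/<base DN>."""
    return unquote(urlsplit(ldap_url).path.lstrip("/"))

def direct_bind_dn(ldap_url, user_dn_pattern, username):
    """User DN Pattern is relative to the base DN in the LDAP URL."""
    rdn = user_dn_pattern.replace("{0}", escape_dn_value(username))
    return ",".join(p for p in (rdn, base_dn(ldap_url)) if p)

def search_requests(ldap_url, search_filter, search_base, username):
    """One (search DN, filter) pair per pipe-separated Search Base entry."""
    flt = search_filter.replace("{0}", escape_filter_value(username))
    bases = [b.strip() for b in search_base.split("|") if b.strip()] or [""]
    root = base_dn(ldap_url)
    return [(",".join(p for p in (b, root) if p), flt) for b in bases]

if __name__ == "__main__":
    # Constructed sample values; port 389 stands in for "myport".
    url = "ldap://myserver:389/dc=sampledomain,dc=com"
    print(direct_bind_dn(url, "uid={0},ou=People", "jdoe"))
    # A username carrying DN or filter metacharacters stays a literal value.
    print(direct_bind_dn(url, "uid={0},ou=People", "jdoe,ou=Admins"))
    for dn, flt in search_requests(url, "(uid={0})", "ou=People|ou=Staff", "j*doe"):
        print(dn, flt)
```

Running the block prints the composed DNs and filters, which can be compared against the values the directory administrator expects before the settings are saved.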