# LDAP Plugin for JWT Token

### Definition

Based on a JWT token, the LDAP plugin allows to retrieve a user's uid - gid. The plugin is configurable to specify the unique identifier which is used to retrieve information from the token. The current user's UID and GID values are then retrieved via the LDAP server using this identifier.

### Activation

The LDAP plugin must be activated and configured on the nodes where the dispatcher service is installed.

### Configuration

Define a file named `ldap-mapping.yml` into the folder `/opt/nodeum/plugins/`.

The file has to contain three differents sections: memberUid – groups – persKey.

Each of them can be filled-in with `basedn`, `filter` and `attribute` information. These information has to cope with the LDAP structure.

This following file is an example of `ldap-mapping.yml` file configuration:

```yaml
memberUid:
  basedn: ou=accounts,ou=mysite,dc=my-org,dc=com
  filter: (x-mysite-persKey={{ index (ldapsearch "persKey") 0 }})
  attribute: uid

groups:
  basedn: ou=groups,ou=mysite,dc=my-org,dc=com
  filter: (memberUid={{ index (ldapsearch "memberUid") 0 }})
  attribute: cn

persKey:
  basedn: ou=people,ou=mysite,dc=my-org,dc=com
  filter: (mail={{ .claims.email }}})
  attribute: x-mysite-persKey
```