LDAP Plugin for JWT Token

Definition

Based on a JWT token, the LDAP plugin allows to retrieve a user's uid - gid. The plugin is configurable to specify the unique identifier which is used to retrieve information from the token. The current user's UID and GID values are then retrieved via the LDAP server using this identifier.

Activation

The LDAP plugin must be activated and configured on the nodes where the dispatcher service is installed.

Configuration

Define a file named ldap-mapping.yml into the folder /opt/nodeum/plugins/.

The file has to contain three differents sections: memberUid – groups – persKey.

Each of them can be filled-in with basedn, filter and attribute information. These information has to cope with the LDAP structure.

This following file is an example of ldap-mapping.yml file configuration:

memberUid:
  basedn: ou=accounts,ou=mysite,dc=my-org,dc=com
  filter: (x-mysite-persKey={{ index (ldapsearch "persKey") 0 }})
  attribute: uid

groups:
  basedn: ou=groups,ou=mysite,dc=my-org,dc=com
  filter: (memberUid={{ index (ldapsearch "memberUid") 0 }})
  attribute: cn

persKey:
  basedn: ou=people,ou=mysite,dc=my-org,dc=com
  filter: (mail={{ .claims.email }}})
  attribute: x-mysite-persKey

Last updated 2 months ago