LDAP Security

Introduction

The Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral protocol for accessing and maintaining a distributed directory information service, such as a company's user directory (for example Active Directory). In practice it is used so that every user of the company can authenticate to all services that require credentials with a single username and password, which the directory validates centrally instead of each application keeping its own copy.

Steps

Database

Add a new user

With the database started, create a new user whose username is the same as the one registered in the domain. In ldap mode authentication is delegated to the directory: when this user logs in, the domain password is checked, not the value written in the PASSWORD column. The column still has to be filled in, but its value is ignored for login, so do not copy the user's real domain password into it. Finally, assign the new user an existing role.

INSERT INTO TUSER (USER_, PASSWORD, NAME, SURNAME, EMAIL, NIF, USERBLOCKED, LASTPASSWORDUPDATE, FIRSTLOGIN) VALUES('domain.username', 'somepassword', 'Name', 'Surname', 'Email', 'Nif', NULL, NULL, NULL);
INSERT INTO TUSER_ROLE (ID_ROLENAME,USER_) VALUES (0,'domain.username');

Modify application.yml

Add LDAP properties

In application.yml, change the Ontimize security mode to ldap and add the following properties (more information in this link):

application.yml

ontimize:
   security:
      mode: ldap
      ldap:
         active: true
         host: 10.0.0.1
         port: 389
         login-type: simple
         binddn: ou=XXXX,dc=YYY,dc=ZZZ
         basedn: dc=MMMM,dc=NNN
         domain: yourdomain.com
         ssl: false

With ssl: false and login-type: simple, the user's password travels to the directory server in cleartext, so outside a test network enable SSL with ssl: true (LDAPS conventionally listens on port 636, so change port as well). When SSL is enabled, the JVM that runs the application must trust the LDAP server's certificate: import the server certificate, or better the CA certificate that issued it, into the truststore of the Java installation that runs the application, typically the cacerts file of that JRE. You can do this with the JDK's own keytool (keytool -importcert -trustcacerts) or with a graphical tool such as KeyStore Explorer. If the certificate is not trusted, the bind fails with an SSL handshake error rather than an authentication error, which is a useful way to tell a truststore problem from a wrong password.
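The following is an added, stand-alone example of what the configuration above asks the application to do on the wire; it is not Ontimize's own implementation. It performs a simple bind against the directory with the JDK's built-in JNDI LDAP provider, using the host, port, ssl and domain values from application.yml, and adds the two checks a practitioner wants around a simple bind: refusing an empty password (which many directories, Active Directory by default, accept as an anonymous "unauthenticated bind" and report as success) and restricting the username to plain login characters before it is spliced into the bind principal. The user@domain principal form is an assumption that holds for Active Directory; against OpenLDAP you would bind with the entry's DN under basedn instead. The class name LdapBindCheck and the timeout values are also assumptions made for this example.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

/**
 * Added example (not Ontimize's own code): a simple bind against the
 * directory described in application.yml, using the JDK's JNDI LDAP
 * provider. It shows what "login-type: simple" means on the wire and
 * the checks the caller must make around it.
 */
public class LdapBindCheck {

    // Values mirrored from application.yml (placeholders, as on the page),
    // with SSL switched on and the port moved to LDAPS.
    static final String HOST = "10.0.0.1";
    static final int PORT = 636;            // 389 for plain LDAP, 636 for LDAPS
    static final boolean SSL = true;        // ssl: true
    static final String DOMAIN = "yourdomain.com";

    /**
     * Returns true only if the directory accepted username/password.
     * Infrastructure failures (unreachable host, untrusted certificate)
     * propagate as NamingException so they are not mistaken for a wrong password.
     */
    static boolean authenticate(String username, char[] password) throws NamingException {
        // Guard 1: RFC 4513 "unauthenticated bind". A simple bind that carries a
        // name but an EMPTY password is treated by many servers (Active Directory
        // by default) as an anonymous bind and SUCCEEDS. Never forward an empty one.
        if (username == null || username.isEmpty() || password == null || password.length == 0) {
            return false;
        }
        // Guard 2: do not splice DN/URL metacharacters into the principal.
        // A domain login only needs letters, digits, dot, underscore and hyphen.
        if (!username.matches("[A-Za-z0-9._-]+")) {
            return false;
        }

        // Assumption: the server accepts the user principal name form user@domain
        // (Active Directory does). For OpenLDAP bind with the entry DN instead,
        // e.g. "uid=" + username + "," + basedn.
        String principal = username + "@" + DOMAIN;

        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, (SSL ? "ldaps://" : "ldap://") + HOST + ":" + PORT);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");   // login-type: simple
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, new String(password));
        if (SSL) {
            // The server's certificate chain must be trusted by the JVM truststore
            // (cacerts, or a store set via javax.net.ssl.trustStore); otherwise the
            // constructor below fails with a CommunicationException, not an auth error.
            env.put(Context.SECURITY_PROTOCOL, "ssl");
        }
        // Bound how long a bind may hang so an unreachable directory cannot tie up
        // application threads indefinitely (values chosen for this example).
        env.put("com.sun.jndi.ldap.connect.timeout", "5000");
        env.put("com.sun.jndi.ldap.read.timeout", "5000");

        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env);   // the bind request is sent here
            return true;
        } catch (AuthenticationException e) {
            // The server answered invalidCredentials (result code 49): wrong password
            // or unknown user. Report both the same way so usernames cannot be enumerated.
            return false;
        } finally {
            if (ctx != null) {
                try { ctx.close(); } catch (NamingException ignored) { }
            }
        }
    }

    public static void main(String[] args) throws NamingException {
        if (args.length != 2) {
            System.err.println("usage: java LdapBindCheck <username> <password>");
            return;
        }
        // A successful bind only proves the credentials; what the user may do is
        // still decided by the TUSER row and its TUSER_ROLE link created earlier.
        boolean ok = authenticate(args[0], args[1].toCharArray());
        System.out.println(ok ? "bind OK" : "bind rejected");
    }
}
```

Run it as java LdapBindCheck domain.username 'the-domain-password' against your directory. If the output is a stack trace containing an SSL handshake failure rather than "bind rejected", the certificate has not been imported into the truststore the running JVM actually uses; check which Java installation starts the application before re-importing.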