Sign in and authenticate users using LDAP
Variable name | Value |
---|---|
AUTHENTICATION_MODE | ldap |
Variable name | Description | Example value |
---|---|---|
LDAP_ADMIN_USERNAME | The username of the owner user created on first run | admin |
LDAP_SERVER | The host of the LDAP server | ldap.example.com |
LDAP_BIND_DN | The bind_dn for the LDAP account that will be used to perform search operations | cn=admin,dc=example,dc=com |
LDAP_BIND_PASSWORD | The password for the LDAP account that will be used to perform search operations | password |
LDAP_BASE_DN | The base DN of the server | dc=example,dc=com |
LDAP_AUTHENTICATION_FILTER | The authentication filter to use in template format using the variable username | (&(|(objectClass=inetOrgPerson)(objectClass=groupOfNames))(cn={username})) |
LDAP_AUTHORIZATION_FILTER | The authorization filter to use in template format using the variable user_dn | (&(objectClass=groupOfNames)(cn=group)(member={user_dn})) |
LDAP_GROUP_FIELD | Name of user attribute to use to determine a user’s LDAP group. | memberOf |
LDAP_ROLES_MAPPING | Mapping of user LDAP group to Mage roles. Must be in JSON string format. | '{"Admin": ["Admin"]}' |
LDAP_DEFAULT_ACCESS | Default access for a new user authenticated through LDAP (default user will have no role) | Viewer , Editor , Admin |
UPDATE_ROLES_ON_LOGIN | Update roles on every login. Otherwise, the roles will only be set when the user logs in for the first time. | 1 |