LDAP Auth Adapter

The LDAP auth adapter (see <AuthAdapters>) allows for authentication against LDAP sources, including Active Directory.

There are no pre-defined auth_types for the ldap adapter.  To create one, create a file in /WEB-INF/myna/auth_types/ with the name you would like for your adapter.  In this example we will call it /WEB-INF/myna/auth_types/our_domain.  In this file you will need a valid config.  A config is a valid JSON string with the following properties:

auth_type: name of this config.  This should be the same as the config's filename.

adapter: "ldap"

server: Server and initial subtree to connect to.
    ldap://server.yourdomain.com:389/o=top,ou=people
    ldaps://server.yourdomain.com:636/o=top,ou=people

    Note: AD needs to have the domain translated to initial context.
    my.domain.com becomes ldap://my.domain.com:389/dc=my,dc=domain,dc=com

search_columns: a comma-separated list of ldap properties to use when searching this adapter.

map: object that maps Myna User properties to ldap properties.  At the very least this object must have these properties: "login,first_name,last_name"

filter: Optional, default null.  LDAP query to filter results, ex: (ObjectClass=Person)

ad_domain: Optional, default null.  The Active Directory domain.  If set, then special Active Directory processing is activated.

username: Optional, default null.  Username of the user with whom to bind to the directory.  Only needed if your directory doesn't allow anonymous binds for searches.  AD users should just put the username here; all others should use a fully qualified Distinguished Name (dn).

password: Optional, default null.  Password of the user with whom to bind to the directory.

Here is an Active Directory example:

{
    "auth_type":"our_domain",
    "adapter":"ldap",
    "server":"ldap://our_domain.com/dc=our_domain,dc=com",
    "search_columns":"cn,name",
    "filter":"(ObjectClass=Person)",
    "ad_domain":"our_domain",
    "username":"search_user",
    "password":"search_password",
    "map":{
        "first_name":"givenName",
        "last_name":"sn",
        "middle_name":"initials",
        "login":"cn"
    }
}

Once this is in place you can add users via the Permissions area of the administrator.
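
A check that can be run over an auth_type file before it is deployed, together with the AD domain-to-initial-context translation from the note above. This is an added example, not code from Myna. The function names, the treatment of the properties not marked Optional as required, and the warning for a bind password configured with ldap:// are assumptions of this example.

```javascript
// Added example, not Myna code: all function names here are hypothetical.
const REQUIRED = ["auth_type", "adapter", "server", "search_columns", "map"];
const REQUIRED_MAP = ["login", "first_name", "last_name"];

// my.domain.com -> ldap://my.domain.com:389/dc=my,dc=domain,dc=com
function adServerUrl(domain, useTls) {
  const labels = domain.split(".").filter(Boolean);
  if (labels.length === 0) throw new Error("empty domain");
  const baseDn = labels.map((label) => "dc=" + label).join(",");
  const prefix = useTls ? "ldaps://" : "ldap://";
  return prefix + labels.join(".") + (useTls ? ":636/" : ":389/") + baseDn;
}

// Checks the text of an auth_type file; returns { errors, warnings }.
function checkAuthTypeConfig(fileName, jsonText) {
  const errors = [], warnings = [];
  let cfg;
  try { cfg = JSON.parse(jsonText); }
  catch (e) { return { errors: ["not valid JSON: " + e.message], warnings }; }
  if (cfg === null || typeof cfg !== "object" || Array.isArray(cfg))
    return { errors: ["config must be a JSON object"], warnings };
  for (const key of REQUIRED)
    if (!(key in cfg)) errors.push("missing property: " + key);
  if ("adapter" in cfg && cfg.adapter !== "ldap")
    errors.push('adapter must be "ldap"');
  if ("auth_type" in cfg && cfg.auth_type !== fileName)
    warnings.push("auth_type should match the file name " + fileName);
  if (cfg.map && typeof cfg.map === "object")
    for (const key of REQUIRED_MAP)
      if (typeof cfg.map[key] !== "string" || cfg.map[key] === "")
        errors.push("map is missing: " + key);
  const server = typeof cfg.server === "string" ? cfg.server : "";
  if ("server" in cfg && !/^ldaps?:\/\/[^\/]+\/.+/.test(server))
    errors.push("server needs ldap:// or ldaps:// plus an initial subtree");
  // Assumption: ldap:// means no TLS, so the bind password is not protected in transit.
  if (cfg.password && server.startsWith("ldap://"))
    warnings.push("bind password set with ldap://; prefer ldaps://");
  return { errors, warnings };
}

// Constructed sample: the page's Active Directory example.
const SAMPLE = JSON.stringify({
  auth_type: "our_domain", adapter: "ldap",
  server: "ldap://our_domain.com/dc=our_domain,dc=com",
  search_columns: "cn,name", filter: "(ObjectClass=Person)",
  ad_domain: "our_domain", username: "search_user", password: "search_password",
  map: { first_name: "givenName", last_name: "sn", middle_name: "initials", login: "cn" }
});
console.log(checkAuthTypeConfig("our_domain", SAMPLE));
```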