LDAP Authentication is provided via the Apache Jackrabbit Oak LDAP Integration. There are three steps to configure the integration:
For implementations with large numbers of users and groups, Dynamic Group Membership can help ensure performance by essentially inverting the authentication paradigm to store the user's group membership on a protected property, rep:externalPrincipalNames.
The following example configuration shows how to set up LDAP authentication.
org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider.[id].config
userPool.maxActive=L"8"
searchTimeout="60s"
host.name="localhost"
customattributes=[""]
adminPool.maxActive=L"8"
group.makeDnPath=B"false"
user.baseDN="dc\=planetexpress,dc\=com"
group.objectclass=["Group"]
user.objectclass=["person"]
userPool.lookupOnValidate=B"true"
host.noCertCheck=B"false"
user.makeDnPath=B"false"
bind.dn="cn\=admin,dc\=planetexpress,dc\=com"
group.baseDN="dc\=planetexpress,dc\=com"
group.extraFilter=""
user.extraFilter=""
host.port=I"389"
bind.password="GoodNewsEveryone"
adminPool.lookupOnValidate=B"true"
useUidForExtId=B"false"
group.nameAttribute="cn"
provider.name="ldap"
host.ssl=B"false"
host.tls=B"false"
user.idAttribute="uid"
group.memberAttribute="uniquemember"

org.apache.jackrabbit.oak.spi.security.authentication.external.impl.DefaultSyncHandler.[id].config
group.pathPrefix=""
user.dynamicMembership=B"false"
group.expirationTime="1d"
user.membershipExpTime="1h"
user.pathPrefix=""
user.propertyMapping=["rep:fullname\=cn"]
handler.name="default"
enableRFC7613UsercaseMappedProfile=B"false"
user.autoMembership=["administrators"]
user.expirationTime="1h"
group.propertyMapping=[""]
group.autoMembership=[""]
user.disableMissing=B"false"
user.membershipNestingDepth=I"1"

org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModuleFactory.[id].config
jaas.controlFlag="SUFFICIENT"
jaas.ranking=I"99999"
sync.handlerName="default"
jaas.realmName=""
idp.name="ldap"
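
A small audit of this configuration, as an added example that is not part of the Sling CMS documentation or the Oak project's code: it parses the subset of the OSGi .config syntax used above (one property per line) and flags settings that deserve review before production use, such as the unencrypted connection on port 389 and user.autoMembership placing every synced LDAP user in administrators. The function names and finding labels are hypothetical.

```python
import re

# Settings copied from the page's example, one per line as in an OSGi .config file.
SAMPLE = r'''
host.port=I"389"
host.ssl=B"false"
host.tls=B"false"
host.noCertCheck=B"false"
bind.dn="cn\=admin,dc\=planetexpress,dc\=com"
bind.password="GoodNewsEveryone"
user.autoMembership=["administrators"]
'''

LINE = re.compile(r'^([\w.]+)=(\[.*\]|[A-Za-z]?".*")$')
ITEM = re.compile(r'([A-Za-z]?)"((?:[^"\\]|\\.)*)"')

def convert(type_code, text):
    """Turn one quoted value into bool/int/str according to its type prefix."""
    text = re.sub(r'\\(.)', r'\1', text)      # undo escapes such as \=
    if type_code == 'B':
        return text == 'true'
    if type_code in ('I', 'L'):
        return int(text)
    return text

def parse(config_text):
    """Parse key=value lines with typed scalars (I"389") and arrays (["a","b"])."""
    cfg = {}
    for raw in config_text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            values = [convert(t, v) for t, v in ITEM.findall(m.group(2))]
            cfg[m.group(1)] = values if m.group(2).startswith('[') else values[0]
    return cfg

def audit(cfg):
    """Return finding labels (hypothetical names) for risky settings."""
    findings = []
    if not (cfg.get('host.ssl') or cfg.get('host.tls')):
        findings.append('cleartext-ldap')           # binds and passwords unencrypted
    if cfg.get('host.noCertCheck'):
        findings.append('no-cert-check')            # server certificate not validated
    if cfg.get('bind.password'):
        findings.append('bind-password-in-file')    # restrict read access to the file
    if 'administrators' in cfg.get('user.autoMembership', []):
        findings.append('auto-admin')               # every synced user joins administrators
    return findings

if __name__ == '__main__':
    print(audit(parse(SAMPLE)))
```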