LDAP - Authenticate User Node
| Description | The LDAP - Authenticate User node authenticates a user against an LDAP directory by performing a bind operation using the provided credentials. |
| Available in | Authentication, Admin, Self Service, API, Consent, Library, Custom, User Defined |
| Node Name | LDAP - Authenticate User |
LDAP Configuration
Connection Mode
Defines the connection protocol used to communicate with the LDAP server. Options available:

- **ldap**: Standard (non-secure) connection (port 389).
- **ldaps**: Secure connection over SSL/TLS (port 636).
- **start-tls**: Connection starts as a standard LDAP connection (typically on port 389) and is then upgraded to a secure channel using TLS.

Hostname
Specifies the **hostname** or **IP address** of the LDAP server.

Port
Defines the port used to connect to the LDAP server. Typical values:

- **389** for LDAP
- **636** for LDAPS

Connection Timeout
Specifies the maximum time (in seconds) to wait for a connection to the LDAP server. A value of 0 usually means **no timeout**.

Admin user DN
The **Distinguished Name (DN)** of the administrative user used to perform the LDAP search operation.

Admin user Password
The password associated with the **admin user DN**.

Base DN
Defines the **base context (starting point)** in the LDAP directory where the user search will be performed.

Search Scope
Defines the scope of the LDAP search:

- **base**: Searches only the base DN
- **one**: Searches one level under the base DN
- **sub**: Searches the entire subtree under the base DN

Search Filter
Specifies the LDAP search filter used to locate the user.

Example: `(uid={{username}})`

The filter can include variables to dynamically match user input.

Password Attribute
Specifies the LDAP attribute that contains the user's password (if applicable). This is used depending on the authentication strategy.

Attributes
Defines which **LDAP attributes** should be retrieved after a successful authentication (e.g., **uid, samaccountname, mail, cn**). These attributes can be used in subsequent nodes of the flow.

User Identity Rule
Condition to map the user retrieved from the node to the user in the session
The **User Identity Rule** is the condition used to **match** the user retrieved by the node with the user stored in the **current user session** (which can be already active or activated at the end of the flow).

This rule can be configured in **two** ways:

- **Textual editor mode**: where you can manually define the matching condition (for example: `username == username`).
- **Visual editor mode**: which provides a guided **interface** to select attributes and combine conditions without writing expressions manually.

The **rule must follow** the format:

`(user attribute) == (node attribute)(0-n applied functions){ n[0-n][(|| or &&) (user attribute) == (node attribute)(0-n applied functions)]}`

Example:

`email == cn.toLowerCase().concat('@example.com') || email == uid.toLowerCase().concat('@example.com')`

#### Attribute Manipulation

It is possible to use a set of basic functions to manipulate attributes, see [Attribute Manipulation]({filename}/pages/io/io-nodes/io-node-types/common-configurations.md#attribute-manipulation).

Save in Session
Session attribute mapping
The **Save in Session** option is used to persist data within the user session.

The **Session Attribute Mapping** section allows mapping attributes to specific values. Multiple mappings can be defined; they are then stored in the user session at the end of the flow.

Rules are defined as:

`attribute : value retrieved from the node`

Example: `username: uid`

#### Attribute Manipulation

It is possible to use a set of basic functions to manipulate attributes, see [Attribute Manipulation]({filename}/pages/io/io-nodes/io-node-types/common-configurations.md#attribute-manipulation).

Save in the Flow store
Save in the Flow store
Attributes generated or retrieved from the node can be saved **into a variable**. They can then be **reused by other nodes** in the flow by referencing them as `{{variable.attribute}}`.

To do this, select the attributes to store in the variable and in the flow store (all attributes exposed by the node are listed in a **multi-select dropdown**, from which **one or more** can be chosen), then enter a **variable name**, which can be **freely defined** by the user. There is also a flag to make the variable available to the **frontend**.

Default Output Node
- Success
- Wrong Credentials
- User Not Found
- Failure
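
A Search Filter such as `(uid={{username}})` places user input inside the LDAP filter, so the value has to be escaped per RFC 4515 before substitution. The following is an added example, not the product's own code; the function names, the flat variable lookup and the sample inputs are assumptions made for illustration.

```python
import re

# RFC 4515, section 3: these characters must be written as \XX (hex) inside
# an assertion value, otherwise they alter the structure of the filter.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Matches {{name}} placeholders as used in the Search Filter example.
_PLACEHOLDER = re.compile(r"\{\{\s*([A-Za-z_][A-Za-z0-9_.]*)\s*\}\}")


def escape_filter_value(value: str) -> str:
    """Escape one value so it is treated as literal text in a search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def render_search_filter(template: str, variables: dict) -> str:
    """Fill every {{name}} placeholder with the escaped value of that variable.

    Raises KeyError when a placeholder has no value, so an incomplete filter
    is never sent to the directory.
    """
    def substitute(match):
        name = match.group(1)
        if name not in variables:
            raise KeyError(f"no value for placeholder {name!r}")
        return escape_filter_value(str(variables[name]))

    # A function replacement is inserted as-is, so the backslashes produced
    # by the escaping are not reinterpreted by the regex engine.
    return _PLACEHOLDER.sub(substitute, template)


if __name__ == "__main__":
    template = "(uid={{username}})"          # filter from the page's example
    for login in ["j.doe", "a*(b)\\c"]:      # constructed sample inputs
        print(f"{login!r:>12} -> {render_search_filter(template, {'username': login})}")
```

With escaping in place, a login containing `*` or parentheses is searched as literal text and can only match an entry whose attribute holds exactly that value.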