In-memory User Management
If you want to manage users fully in LDAP, set the following property:
jmix.ldap.user-details-source = ldap
In this case, standard LdapUserDetails
objects are created by Spring Security after each authentication and preserved in memory instead of being taken from the database as the User
entity. User authorities are obtained by the role mapping process described in the Obtaining User Authorities section.
The case when maintaining users in the application is described in the Getting Started section.
LDAP User Repository
When users are primarily managed in LDAP, they can be placed in the application where you need to choose a user or find a user in SuggestionField
. For this purpose, the addon comes with the LDAP implementation of UserRepository
. This user repository provides access to users from LDAP, but it does not provide system
or anonymous
users. Also, you may want users from the database to be searchable as well.
To achieve this, declare the CompositeUserRepository
bean, which comprises all instances of UserRepository
in the application, for example, LdapUserRepository
and DatabaseUserRepository
.
Remove the @Primary
annotation from the DatabaseUserRepository
not to conflict with the composite repository. Make this UserRepository
primary in the application:
@Bean
@Primary
UserRepository userRepository() {
return new CompositeUserRepository();
}