LDAP Properties

jmix.ldap.enabled

Defines if the LDAP authentication is enabled.

Default value: true

jmix.ldap.default-roles

Defines a list of roles that will be assigned to every user after successful authentication.

Example: jmix.ldap.default-roles = ui-minimal, ui-filter

jmix.ldap.user-details-source

Defines a source of the UserDetails objects returned after successful authentication.

Possible values:

  • app - UserDetails obtained from the primary UserDetailsService of the application, typically from DB.

  • ldap - standard LdapUserDetails objects created by Spring Security are used.

Default value: app

jmix.ldap.urls

An LDAP server URL. LDAP URLs (SSL-secured) may be used as well, considering that Spring Security can connect to the server. Note that these URLs must not include the base DN. Multiple URLs can be specified in the comma-separated list. In this case, a connection will be established to any of the provided LDAP server URLs.

Example: ldap://ldap.company.com:389

jmix.ldap.base-dn

Defines a base DN. If configured, all LDAP operations on contexts retrieved from this ContextSource relate to this DN. The default value is an empty distinguished name, that is, all operations relate to the directory root.

jmix.ldap.manager-dn

Indicates a DN used for authentication. This is normally the distinguished name of the "manager" user.

jmix.ldap.manager-password

Defines a password for the "manager" user.

jmix.ldap.user-search-base

Defines search base for user searches. Used with jmix.ldap.user-search-filter.

jmix.ldap.user-search-filter

An LDAP filter used to search for users. The substituted parameter is the user’s login name.

Example: (uid={0})

jmix.ldap.username-attribute

An LDAP attribute corresponding to the username. It is used during user synchronization to assign the correct username for the user.

Default value: uid

jmix.ldap.group-role-attribute

An attribute of the LDAP group corresponding to the authority name.

Default value: cn

jmix.ldap.group-search-base

Defines a search base for group searches.

The default value is an empty string.

jmix.ldap.group-search-subtree

If set to true, a subtree scope search will be performed. If false, a single-level search is used.

Default value: false

jmix.ldap.group-search-filter

An LDAP filter used to search for user’s groups (optional). The substituted parameter is the user’s login name.

Default value: (uniqueMember={0})

jmix.ldap.use-active-directory-configuration

Defines if Active Directory specific security configuration should be used instead of the default one.

Default value: false

jmix.ldap.active-directory-domain

Used only with the ActiveDirectory configuration. Specifies the Active Directory domain name.

Example: mydomain.com

jmix.ldap.group-for-synchronization

A DN of the group containing users to be synchronized in the application.

jmix.ldap.synchronize-role-assignments

Defines whether to save role assignments during user synchronization or not.

Default value: true

jmix.ldap.standard-authentication-users

Defines a list of users that should always be authenticated with the standard authentication.

Default value: admin, system

Example: jmix.ldap.standard-authentication-users = admin, operator

jmix.ldap.synchronize-user-on-login

Defines whether users are synchronized on every login. For example, if you want to load users from LDAP beforehand and synchronize them once a day on a scheduled task, set the property to false.

Default value: true

jmix.ldap.memeber-attribute

An LDAP group attribute to specify a group member.

Default value: uniqueMember