LDAP Policy can be used when the user needs to be authenticated while limiting the access to protected resources for certain users. The policy is also designed for retrieving Digital Number (DN) metadata for use in API proxy flows.
For example, an API call may be executed only after a user gets successfully authenticated against LDAP. Then DN attributes may be retrieved optionally for the user after the authentication succeeds.
The properties that have to be configured to use the policy are described below.
Figure 1: LDAP Policy Configuration attributes (for Authentication policy type)
|LDAP Connector Class||When using the LDAP Policy with a custom LDAP provider, specify the fully qualified LDAP connector class. This is the class in which LDAPConnectionProvider interface is implemented. If set to default, the built-in LDAP connector will be used.|
|LDAP Resource||Select the LDAP resource. Refer to Using LDAP Policy for more information.|
The base level of LDAP under which all data exists.
LDAP scopes are:
|LDAP Policy Type|
The functionalities of LDAP Policy are:
Policy configuration based on Policy Types are explained in the next sections.
Username against which authentication is done.
|Password||Password attached to the user name.|
Applicable to the following Policy Types:
Attributes that need to be retrieved upon a search.
Refer to the Additional Attributes section for detailed information.