LDAP Policy can be used when the user needs to be authenticated while limiting the access to protected resources for certain users. The policy is also designed for retrieving Digital Number (DN) metadata for use in API proxy flows.
For example, an API call may be executed only after a user gets successfully authenticated against LDAP. Then DN attributes may be retrieved optionally for the user after the authentication succeeds.


The properties that have to be configured to use the policy are described below.

Figure 1: LDAP Policy Configuration attributes (for Authentication policy type)

LDAP Connector ClassWhen using the LDAP Policy with a custom LDAP provider, specify the fully qualified LDAP connector class. This is the class in which LDAPConnectionProvider interface is implemented. If set to default, the built-in LDAP connector will be used.
LDAP ResourceSelect the LDAP resource. Refer to Using LDAP Policy for more information.

The base level of LDAP under which all data exists.

LDAP Scopes

LDAP scopes are:

  • Object: Authentication or search occurs only at the base level of LDAP.
  • Onelevel: Authentication or search occurs one level below the base level.
  • Subtree (default): Authentication or search occurs at the base level and recursively below the base.

LDAP Policy Type

The functionalities of LDAP Policy are:

  • Authentication: User Name and Password Authentication
  • Search and Authenticate: DN Attribute Authentication
  • Search: Searching LDAP

Policy configuration based on Policy Types are explained in the next sections.

User Name

Username against which authentication is done.


This is applicable only for Authentication policy type.

PasswordPassword attached to the user name.

Applicable to the following Policy Types:

  • Search and Authenticate - Search query to get the user name. 
  • Search - Search query to retrieve additional DN attributes.
Additional Attributes

Attributes that need to be retrieved upon a search.


Additional Attributes are applicable only for Search policy type.

Refer to the Additional Attributes section for detailed information.

Adaptavist ThemeBuilder EngineAtlassian Confluence