Configuring LDAP authentication

Learn about the properties that you need to set for configuring LDAP authentication.

Edge Flow Manager (EFM) supports username/password authentication using LDAP. Before configuring LDAP, ensure that EFM is already configured for TLS and user authentication is enabled with the following properties:
  • efm.security.user.auth.enabled
    Set to true to enable EFM user authentication. You need to configure an authentication method such as MTLS, OIDC, SAML, KNOX, or LDAP.
  • efm.security.user.auth.authTokenExpiration
    EFM issues access tokens when a user is authenticated. Specify the duration of the token’s validity. The default value is 12 h.
  1. Update the EFM configuration file with the following LDAP authentication properties.
    • efm.security.ldap.auth.enabled
      Set this property to enable LDAP authentication in EFM.
    • efm.security.ldap.auth.searchFilter
      Use this filter to search for users under efm.security.ldap.user.searchBase (for example: uid={0}). The username entered at login is substituted for '{0}'.
  2. Configure the following LDAP user search properties.
    • efm.security.ldap.user.searchBase
      Define the base DN to search for users (for example: ou=users,o=efm).
    • efm.security.ldap.user.objectClass
      Specify the object class used to identify users (for example: person).
    • efm.security.ldap.user.searchScope
      Set the search scope for user searches. Possible values are ONE_LEVEL, OBJECT, or SUBTREE.
    • efm.security.ldap.user.identityAttribute
      Optionally, you can specify the attribute used to extract user identity (for example: cn). If not set, the entire DN is used.
  3. Once EFM is started with the above configuration, open the EFM site. You are redirected to the login page.
    On this page, you can log in with your username (as defined by the LDAP identity attribute value) and your password.
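
A pre-flight check for the properties in steps 1 and 2, run before restarting EFM. This is an added example, not part of the EFM product or its documentation. It assumes a plain key=value properties file, that efm.security.ldap.auth.enabled takes the value true, and that every property not marked optional above is set explicitly. The function names and the sample file are constructed.

```python
# Added example: validates the LDAP properties described on this page.
# Assumptions (not from the product docs): key=value file format, "true" enables
# LDAP auth, and every property not marked optional is set explicitly.
VALID_SCOPES = {"ONE_LEVEL", "OBJECT", "SUBTREE"}

def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # or ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)  # split once: values such as uid={0} contain '='
        props[key.strip()] = value.strip()
    return props

def check_ldap_config(props):
    """Return (errors, warnings) for the user-auth and LDAP settings."""
    errors, warnings = [], []
    for key in ("efm.security.user.auth.enabled", "efm.security.ldap.auth.enabled"):
        if props.get(key, "").lower() != "true":
            errors.append(f"{key} is not set to true")
    if "{0}" not in props.get("efm.security.ldap.auth.searchFilter", ""):
        errors.append("searchFilter has no {0} placeholder for the username")
    for key in ("efm.security.ldap.user.searchBase", "efm.security.ldap.user.objectClass"):
        if not props.get(key):
            errors.append(f"{key} is not set")
    if props.get("efm.security.ldap.user.searchScope") not in VALID_SCOPES:
        errors.append("searchScope must be ONE_LEVEL, OBJECT, or SUBTREE")
    if not props.get("efm.security.ldap.user.identityAttribute"):
        warnings.append("identityAttribute not set: the entire DN is used as the identity")
    return errors, warnings

# Constructed sample; values are the examples given on this page.
SAMPLE = """\
# LDAP authentication
efm.security.user.auth.enabled=true
efm.security.ldap.auth.enabled=true
efm.security.ldap.auth.searchFilter=uid={0}
efm.security.ldap.user.searchBase=ou=users,o=efm
efm.security.ldap.user.objectClass=person
efm.security.ldap.user.searchScope=SUBTREE
"""

if __name__ == "__main__":
    errors, warnings = check_ldap_config(parse_properties(SAMPLE))
    print("errors:", errors, "warnings:", warnings)
```

The warning for a missing identityAttribute matters for login and authorization: users are then identified by their full DN rather than a short name such as the cn value.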