
Gluu agama-ldap

Welcome to the https://github.com/GluuFederation/agama-ldap project. This project is governed by Gluu and published under an Apache 2.0 license. It provides various flows that authenticate a person with a password.

Password authentication is still useful!

This is also a great project to fork if you want to write a “Hello World” Agama project.

Implementations

  • Jans Auth Server
  • Gluu Flex

Flow: One-step password authn

This is the classic combined username / password form authentication workflow. The sequence diagram below shows the good flow.

[Image: agama-ldap sequence diagram]

Flow Configuration

Below is a typical agama-ldap flow configuration:

{
  "org.gluu.agama.ldap.pw.main": {
      "lockConfig": {
          "MAX_LOGIN_ATTEMPT": 6,
          "ENABLE_LOCK": true,
          "LOCK_EXP_TIME": 180
      },
      "useInternalLdapConfig": false,
      "serversConfig": [
          {
              "configId": "ad_1",
              "bindDN": "cn=directory manager",
              "bindPassword": "encoded_password/plain_password",
              "servers": ["localhost:1389"],
              "maxConnections": 3,
              "useSSL": false,
              "baseDNs": ["ou=people,o=jans"],
              "loginAttributes": ["uid"],
              "localLoginAttributes": ["uid"]
           },
           {
              "configId": "ad_2",
              "servers": ["localhost:2389"],
              "bindDN": "cn=directory manager",
              "bindPassword": "encoded_password/plain_password",
              "useSSL": false,
              "maxConnections": 3,
              "baseDNs": ["ou=people,o=jans"],
              "loginAttributes": ["mail"],
              "localLoginAttributes": ["mail"]
           }
       ]
  }
}

  • MAX_LOGIN_ATTEMPT: The maximum number of failed login attempts before the user account is locked.
  • ENABLE_LOCK: true/false; enables the account lock feature.
  • LOCK_EXP_TIME: The time in seconds before a locked account is unlocked.
  • useInternalLdapConfig: Specifies which LDAP configuration to use. true means that agama-ldap uses the Jans Auth LDAP server configurations; false allows LDAP configurations to be specified in the serversConfig section.
  • serversConfig: One or more LDAP server configurations.
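
A pre-deployment check for a flow configuration like the one above, as an added example (not code from the agama-ldap project). It uses only the keys this README documents; the set of fields treated as required and the choice to skip serversConfig when useInternalLdapConfig is true are assumptions.

```python
import json

FLOW = "org.gluu.agama.ldap.pw.main"
# Assumption: fields treated as mandatory for each serversConfig entry.
REQUIRED = ("configId", "bindDN", "bindPassword", "servers", "baseDNs", "loginAttributes")

# Constructed sample, modelled on the first server entry of the README's configuration.
SAMPLE = json.loads("""{
  "org.gluu.agama.ldap.pw.main": {
    "lockConfig": {"MAX_LOGIN_ATTEMPT": 6, "ENABLE_LOCK": true, "LOCK_EXP_TIME": 180},
    "useInternalLdapConfig": false,
    "serversConfig": [{
      "configId": "ad_1", "bindDN": "cn=directory manager",
      "bindPassword": "encoded_password", "servers": ["localhost:1389"],
      "maxConnections": 3, "useSSL": false, "baseDNs": ["ou=people,o=jans"],
      "loginAttributes": ["uid"], "localLoginAttributes": ["uid"]}]
  }
}""")

def audit(config):
    """Return (location, finding) tuples for one agama-ldap flow configuration."""
    flow = config.get(FLOW)
    if flow is None:
        return [(FLOW, "flow configuration missing")]
    findings = []
    lock = flow.get("lockConfig", {})
    if lock.get("ENABLE_LOCK") is not True:
        findings.append(("lockConfig", "ENABLE_LOCK is off: failed logins never lock the account"))
    else:
        for key in ("MAX_LOGIN_ATTEMPT", "LOCK_EXP_TIME"):
            value = lock.get(key)
            if type(value) is not int or value <= 0:  # also rejects booleans
                findings.append(("lockConfig", f"{key} must be a positive integer"))
    if flow.get("useInternalLdapConfig") is True:
        # Assumption from the README text: Jans Auth's own LDAP settings apply here.
        return findings
    servers = flow.get("serversConfig") or []
    if not servers:
        findings.append(("serversConfig", "no LDAP server defined"))
    for i, srv in enumerate(servers):
        where = srv.get("configId") or f"serversConfig[{i}]"
        findings += [(where, f"missing {key}") for key in REQUIRED if not srv.get(key)]
        if srv.get("useSSL") is not True:
            findings.append((where, "useSSL is not true: LDAP binds are not protected by TLS"))
    return findings

if __name__ == "__main__":
    for where, finding in audit(SAMPLE):
        print(f"{where}: {finding}")
```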

TUI sample settings:

These are sample settings for useInternalLdapConfig = true:

[Images: tui_ldap_1, tui_ldap_2]

License

This project is licensed under the Apache 2.0 license.