In-memory User Management

If you want to manage users fully in LDAP, set the following property:

jmix.ldap.user-details-source = ldap

In this case, standard LdapUserDetails objects are created by Spring Security after each authentication and preserved in memory instead of being taken from the database as the User entity. User authorities are obtained by the role mapping process described in the Obtaining User Authorities section.

The case when maintaining users in the application is described in the Getting Started section.

LDAP User Repository

When users are primarily managed in LDAP, they can be placed in the application where you need to choose a user or find a user in SuggestionField. For this purpose, the addon comes with the LDAP implementation of UserRepository. This user repository provides access to users from LDAP, but it does not provide system or anonymous users. Also, you may want users from the database to be searchable as well.

To achieve this, declare the CompositeUserRepository bean, which comprises all instances of UserRepository in the application, for example, LdapUserRepository and DatabaseUserRepository.

Remove the @Primary annotation from the DatabaseUserRepository not to conflict with the composite repository. Make this UserRepository primary in the application:

@Bean
@Primary
UserRepository userRepository() {
    return new CompositeUserRepository();
}