Usage with Active Directory

The add-on provides a separate Security Configuration for using it with Active Directory. Since Active Directory supports its own non-standard authentication options, such as authentication with the domain username in the form user@domain instead of an LDAP distinguished name, Spring Security provides a separate AuthenticationProvider, which is customized for a typical Active Directory setup.

If you are going to work with Active Directory, set the property:

jmix.ldap.use-active-directory-configuration = true

By setting this property you instruct the application to use the ActiveDirectoryLdapAuthenticationProvider which is more suitable for usage with Active Directory.

You should specify the user search filter used by ActiveDirectoryLdapAuthenticationProvider for searching the user:

jmix.ldap.user-search-filter = (&(objectClass=user)(userPrincipalName={0}))

In the example above users will enter their username in the form username@domain.

Alternatively you may configure the authentication provider in the following way:

jmix.ldap.user-search-filter = (&(objectClass=user)(sAMAccountName={1}))
jmix.ldap.active-directory-domain = somedomain

In this case, users will have to type only their username (without domain) on the login form.