Usage with Active Directory
The add-on provides a separate Security Configuration for using it with Active Directory. Since Active Directory supports its own non-standard authentication options, such as authentication with the domain username in the form user@domain
instead of an LDAP distinguished name, Spring Security provides a separate AuthenticationProvider
, which is customized for a typical Active Directory setup.
If you are going to work with Active Directory, set the property:
jmix.ldap.use-active-directory-configuration = true
By setting this property you instruct the application to use the ActiveDirectoryLdapAuthenticationProvider
which is more suitable for usage with Active Directory.
You should specify the user search filter used by ActiveDirectoryLdapAuthenticationProvider
for searching the user:
jmix.ldap.user-search-filter = (&(objectClass=user)(userPrincipalName={0}))
In the example above users will enter their username in the form username@domain
.
Alternatively you may configure the authentication provider in the following way:
jmix.ldap.user-search-filter = (&(objectClass=user)(sAMAccountName={1}))
jmix.ldap.active-directory-domain = somedomain
In this case, users will have to type only their username (without domain) on the login form.