26.1. ad-auth

The following documentation is for the ad-auth content package at version v0.0.0.

26.1.1. params

The content package provides the following params.

26.1.1.1. ad-auth/base-dn

The base DN for the queries.

e.g. "OU=Users,DC=example,DC=com"

26.1.1.2. ad-auth/default-role

This parameter provides the default role for a user that matches no groups.

26.1.1.3. ad-auth/deny-if-no-groups

This parameter, if true, denies access to users who authenticate but do not match any AD groups specified in the ad-auth/groups parameter.

26.1.1.4. ad-auth/group-roles-map

This is a map of group names to a list of roles for that group.

All matches will be applied.

26.1.1.5. ad-auth/groups

This is a list of groups that will be returned by AD if the user is a member of them.

These will be used against the maps to set roles and tenants.
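
How ad-auth/groups, ad-auth/group-roles-map, ad-auth/default-role and ad-auth/deny-if-no-groups combine can be modelled as follows. This is an added illustration, not the plugin's own code: the Config struct, ResolveRoles, the sample group and role names, exact-string group matching, and the rule that deny-if-no-groups is checked before default-role are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
)

// Config is a hypothetical struct mirroring four ad-auth params.
type Config struct {
	Groups         []string            // ad-auth/groups
	GroupRolesMap  map[string][]string // ad-auth/group-roles-map
	DefaultRole    string              // ad-auth/default-role
	DenyIfNoGroups bool                // ad-auth/deny-if-no-groups
}

var ErrNoGroups = errors.New("user matches no configured AD group")

// ResolveRoles maps a user's AD memberships to sorted, de-duplicated roles.
// Assumption: deny-if-no-groups is checked before default-role is applied.
func ResolveRoles(cfg Config, memberOf []string) ([]string, error) {
	member := map[string]bool{}
	for _, g := range memberOf {
		member[g] = true
	}
	matched, seen, roles := false, map[string]bool{}, []string{}
	for _, g := range cfg.Groups { // only groups listed in ad-auth/groups count
		if member[g] {
			matched = true
			for _, r := range cfg.GroupRolesMap[g] { // all matches are applied
				if !seen[r] {
					seen[r] = true
					roles = append(roles, r)
				}
			}
		}
	}
	if !matched && cfg.DenyIfNoGroups {
		return nil, ErrNoGroups // authenticated, but access is denied
	}
	if !matched && cfg.DefaultRole != "" {
		roles = append(roles, cfg.DefaultRole)
	}
	sort.Strings(roles)
	return roles, nil
}

func main() { // constructed sample values
	fmt.Println(ResolveRoles(Config{Groups: []string{"drp-admins"}, DenyIfNoGroups: true}, []string{"other"}))
}
```

In this model, leaving ad-auth/deny-if-no-groups false while ad-auth/default-role is set means every account that can authenticate under the base DN receives the default role, so the default role should carry the least privilege acceptable for any directory user.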

26.1.1.6. ad-auth/user-activity-window

This parameter specifies how long a user should be idle before being removed (in seconds). The default is 259200 seconds (or 30 days).

26.1.1.7. auth/password

This parameter provides the password used for an authenticate call. It should not be set on a machine or in a profile. It is passed as an argument on the authenticate call.

26.1.1.8. ad-auth/ad-url

This parameter defines the URL of the AD server to authenticate against.

e.g. ldap://my.server.com:389

26.1.1.9. ad-auth/additional-dns

Additional domains to authenticate against.

e.g. [ "OU=Users1,DC=example,DC=com", "OU=Users2,DC=example,DC=com" ]

26.1.1.10. ad-auth/user-activity-check

This parameter specifies how often ad-auth should check for stale users (in seconds). The default is 86400 seconds (or 1 day).

26.1.1.11. auth/username

This parameter provides the username to attempt to authenticate on an authenticate call.

26.1.1.12. ad-auth/ad-tls

This parameter defines the TLS mode for the AD server to authenticate against.

Values: TLS, STARTTLS, NONE