LDAP Authentication (On-Premise Only)
Authentication against an LDAP directory (Active Directory)
Configuration with Environment Variables
Environment variable: BOTIUMBOX_PASSPORT_STRATEGY
set to ldapauth
Environment variable: BOTIUMBOX_PASSPORT_LDAP_SERVER
Configuration options for connecting to the LDAP server (server address, credentials, search parameters, …). Besides authentication, Botium Box roles can be assigned based on the groups the user belongs to. Here is a sample configuration:
{
  url: 'ldap://ldap.forumsys.com',
  bindDN: 'cn=read-only-admin,dc=example,dc=com',
  bindCredentials: 'password',
  searchBase: 'dc=example,dc=com',
  searchFilter: '(uid={{username}})',
  groupSearchBase: 'dc=example,dc=com',
  groupSearchFilter: '(uniqueMember={{dn}})',
  groupSearchAttributes: ['dn', 'cn']
}
Note
Botium Box uses the ldapauth-fork component for connecting to the LDAP server. See https://github.com/vesse/node-ldapauth-fork for all options.
The sample configuration above would retrieve a user record from LDAP similar to this one:
{
  dn: 'uid=tesla,dc=example,dc=com',
  objectClass: [ 'inetOrgPerson', 'organizationalPerson', 'person', 'top', 'posixAccount' ],
  cn: 'Nikola Tesla',
  sn: 'Tesla',
  uid: 'tesla',
  mail: 'tesla@ldap.forumsys.com',
  _groups: [
    {
      dn: 'ou=scientists,dc=example,dc=com',
      cn: 'Scientists'
    },
    {
      dn: 'ou=italians,ou=scientists,dc=example,dc=com',
      cn: 'Italians'
    }
  ]
}
Note
The configuration options are JSON formatted. When handing them over as an environment variable, make sure the value is not split over several lines (a split environment variable makes the JSON invalid).
Environment variable: BOTIUMBOX_PASSPORT_LDAP_PROPERTY_USERNAME
Username property (usually "dn" or "uid", default "uid")
Environment variable: BOTIUMBOX_PASSPORT_LDAP_PROPERTY_EMAIL
Email property (usually "mail" or "email", default "mail")
Environment variable: BOTIUMBOX_PASSPORT_LDAP_PROPERTY_GROUPNAME
Group name property for LDAP groups (usually "cn" or "name", default "cn")
Environment variable: BOTIUMBOX_PASSPORT_LDAP_AUTOCREATE_USER
1 (auto-create users not found in Botium Box) or 0 (default 0)
Environment variable: BOTIUMBOX_PASSPORT_LDAP_GROUP2ROLE
JSON structure mapping LDAP group names to Botium Box roles:
{
  "Mathematicians": "TESTMANAGER",
  "Scientists": "TESTER"
}
Environment variable: BOTIUMBOX_PASSPORT_LDAP_USER2ROLE
JSON structure mapping individual LDAP user names to Botium Box roles:
{
  "gauss": "ADMIN"
}
Environment variable: BOTIUMBOX_PASSPORT_LDAP_AUTOCREATE_ROLE
Role to assign to an auto-created user if nothing has been mapped (default GUEST)
Environment variable: BOTIUMBOX_PASSPORT_LDAP_AUTOCREATE_CLIENT
Client to assign to an auto-created user (for multi-tenancy environments, see below)
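The following is an added example, not Botium Box's own code, that shows how the GROUP2ROLE, USER2ROLE and AUTOCREATE_ROLE settings combine to yield a role for the sample user record above, and how a mapping that arrived as invalid JSON (for example, split over several lines) is rejected instead of silently ignored. The precedence between user and group mappings, and the first-match rule among groups, are assumptions of this example; the page does not specify them.

```javascript
// Added illustrative code (not Botium Box's implementation). Assumed precedence:
// a user mapping wins over a group mapping, and the first mapped group in _groups order wins.

// Parse a JSON mapping handed over as an environment variable. A value that was split
// over several lines or truncated is not valid JSON and is rejected loudly instead of
// silently becoming an empty mapping that hands every user the default role.
function parseRoleMapping(raw, name) {
  if (raw === undefined || raw === '') return {};
  let mapping;
  try { mapping = JSON.parse(raw); }
  catch (e) { throw new Error(`${name} is not valid JSON: ${e.message}`); }
  if (mapping === null || typeof mapping !== 'object' || Array.isArray(mapping)) {
    throw new Error(`${name} must be a JSON object`);
  }
  for (const [key, role] of Object.entries(mapping)) {
    if (typeof role !== 'string') throw new Error(`${name}: role for "${key}" is not a string`);
  }
  return mapping;
}

// Only own keys count, so a username such as "constructor" never matches Object.prototype.
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// env: the BOTIUMBOX_PASSPORT_LDAP_* variables; user: the record returned by
// ldapauth-fork, including _groups. Returns the Botium Box role to assign.
function resolveRole(env, user) {
  const usernameProp = env.BOTIUMBOX_PASSPORT_LDAP_PROPERTY_USERNAME || 'uid';
  const groupNameProp = env.BOTIUMBOX_PASSPORT_LDAP_PROPERTY_GROUPNAME || 'cn';
  const user2role = parseRoleMapping(env.BOTIUMBOX_PASSPORT_LDAP_USER2ROLE, 'BOTIUMBOX_PASSPORT_LDAP_USER2ROLE');
  const group2role = parseRoleMapping(env.BOTIUMBOX_PASSPORT_LDAP_GROUP2ROLE, 'BOTIUMBOX_PASSPORT_LDAP_GROUP2ROLE');
  const username = user[usernameProp];
  if (typeof username === 'string' && has(user2role, username)) return user2role[username];
  for (const group of user._groups || []) {
    const groupName = group[groupNameProp];
    if (typeof groupName === 'string' && has(group2role, groupName)) return group2role[groupName];
  }
  return env.BOTIUMBOX_PASSPORT_LDAP_AUTOCREATE_ROLE || 'GUEST';
}

// Constructed sample input: the user record and mappings shown on this page.
const sampleUser = {
  dn: 'uid=tesla,dc=example,dc=com', uid: 'tesla', mail: 'tesla@ldap.forumsys.com',
  _groups: [{ dn: 'ou=scientists,dc=example,dc=com', cn: 'Scientists' },
            { dn: 'ou=italians,ou=scientists,dc=example,dc=com', cn: 'Italians' }]
};
const sampleEnv = {
  BOTIUMBOX_PASSPORT_LDAP_GROUP2ROLE: '{"Mathematicians": "TESTMANAGER", "Scientists": "TESTER"}',
  BOTIUMBOX_PASSPORT_LDAP_USER2ROLE: '{"gauss": "ADMIN"}'
};
console.log(resolveRole(sampleEnv, sampleUser)); // TESTER, matched via group "Scientists"
```

Setting BOTIUMBOX_PASSPORT_LDAP_PROPERTY_GROUPNAME to "dn" would make the group mapping keys the full group DNs instead of the cn values.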