LDAP Authentication (On-Premise Only)

Authentication against an LDAP directory (Active Directory)

Configuration with Environment Variables

Environment variable: BOTIUMBOX_PASSPORT_STRATEGY

set to ldapauth

Environment variable: BOTIUMBOX_PASSPORT_LDAP_SERVER

Configuration options for connecting to the LDAP Server (Server address, credentials, search parameters, …). Not only authentication is supported, but you can assign Botium Box roles based on groups the user belongs to. Here is a sample configuration:

{
  url: 'ldap://ldap.forumsys.com',
  bindDN: 'cn=read-only-admin,dc=example,dc=com',
  bindCredentials: 'password',
  searchBase: 'dc=example,dc=com',
  searchFilter: '(uid={{username}})',
  groupSearchBase: 'dc=example,dc=com',
  groupSearchFilter: '(uniqueMember={{dn}})',
  groupSearchAttributes: ['dn', 'cn']
}

Note

Botium Box uses the ldapauth-fork component for connecting to the LDAP server. See https://github.com/vesse/node-ldapauth-fork for all options.

The sample configuration from above would retrieve a user record from LDAP similar to this one:

{
  dn: 'uid=tesla,dc=example,dc=com',
  objectClass: [ 'inetOrgPerson', 'organizationalPerson', 'person', 'top', 'posixAccount' ],
  cn: 'Nikola Tesla',
  sn: 'Tesla',
  uid: 'tesla',
  mail: 'tesla@ldap.forumsys.com',
  _groups: [
    {
      dn: 'ou=scientists,dc=example,dc=com',
      cn: 'Scientists'
    },
    {
      dn: 'ou=italians,ou=scientists,dc=example,dc=com',
      cn: 'Italians'
    }
  ]
}

Note

The configuration options are JSON formatted, so when handing them over as an environment variable make sure the value is not split over several lines (a split environment variable is no longer valid JSON).

Environment variable: BOTIUMBOX_PASSPORT_LDAP_PROPERTY_USERNAME

Username property (usually "dn" or "uid", default "uid")

Environment variable: BOTIUMBOX_PASSPORT_LDAP_PROPERTY_EMAIL

Email property (usually "mail" or "email", default "mail")

Environment variable: BOTIUMBOX_PASSPORT_LDAP_PROPERTY_GROUPNAME

Group name property for LDAP groups (usually "cn" or "name", default "cn")

Environment variable: BOTIUMBOX_PASSPORT_LDAP_AUTOCREATE_USER

1 (auto create users not found in Botium Box) or 0 (default 0)

Environment variable: BOTIUMBOX_PASSPORT_LDAP_GROUP2ROLE

JSON Structure to map LDAP groups to Botium Box roles

{
  "Mathematicians": "TESTMANAGER",
  "Scientists": "TESTER"
}

Environment variable: BOTIUMBOX_PASSPORT_LDAP_USER2ROLE

JSON Structure to map individual LDAP user names to Botium Box roles

{
  "gauss": "ADMIN"
}

Environment variable: BOTIUMBOX_PASSPORT_LDAP_AUTOCREATE_ROLE

Assign role to auto created user (default GUEST) if nothing has been mapped
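As an added example (not code from Botium Box or ldapauth-fork), this resolves the Botium Box role for a retrieved LDAP user record from the variables above. The precedence used here (USER2ROLE first, then GROUP2ROLE in the order of the user's groups, then AUTOCREATE_ROLE) is an assumption, and the environment values and user record are constructed.

```javascript
// Constructed environment; the JSON values are kept on a single line, as the note above requires.
const env = {
  BOTIUMBOX_PASSPORT_LDAP_PROPERTY_USERNAME: 'uid',
  BOTIUMBOX_PASSPORT_LDAP_PROPERTY_GROUPNAME: 'cn',
  BOTIUMBOX_PASSPORT_LDAP_GROUP2ROLE: '{"Mathematicians":"TESTMANAGER","Scientists":"TESTER"}',
  BOTIUMBOX_PASSPORT_LDAP_USER2ROLE: '{"gauss":"ADMIN"}',
  BOTIUMBOX_PASSPORT_LDAP_AUTOCREATE_ROLE: 'GUEST'
};

// Parse a JSON-valued variable; a value that was split across lines fails loudly instead of silently.
function parseJsonEnv(env, name, fallback) {
  const raw = env[name];
  if (raw === undefined || raw === '') return fallback;
  try {
    return JSON.parse(raw);
  } catch (err) {
    throw new Error(`${name} is not valid single-line JSON: ${err.message}`);
  }
}

// Precedence (assumed): explicit user mapping, then first matching group, then the auto-create default.
// hasOwnProperty is used so an LDAP username such as "constructor" cannot match an inherited key.
function resolveRole(user, env) {
  const usernameProp = env.BOTIUMBOX_PASSPORT_LDAP_PROPERTY_USERNAME || 'uid';
  const groupProp = env.BOTIUMBOX_PASSPORT_LDAP_PROPERTY_GROUPNAME || 'cn';
  const user2role = parseJsonEnv(env, 'BOTIUMBOX_PASSPORT_LDAP_USER2ROLE', {});
  const group2role = parseJsonEnv(env, 'BOTIUMBOX_PASSPORT_LDAP_GROUP2ROLE', {});
  const defaultRole = env.BOTIUMBOX_PASSPORT_LDAP_AUTOCREATE_ROLE || 'GUEST';
  const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

  const username = user[usernameProp];
  if (has(user2role, username)) return user2role[username];
  for (const group of user._groups || []) {
    const name = group[groupProp];
    if (has(group2role, name)) return group2role[name];
  }
  return defaultRole;
}

// Constructed user record shaped like the one retrieved above.
const tesla = {
  dn: 'uid=tesla,dc=example,dc=com', uid: 'tesla', mail: 'tesla@ldap.forumsys.com',
  _groups: [{ dn: 'ou=scientists,dc=example,dc=com', cn: 'Scientists' },
            { dn: 'ou=italians,ou=scientists,dc=example,dc=com', cn: 'Italians' }]
};
console.log(resolveRole(tesla, env)); // prints "TESTER"
```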

Environment variable: BOTIUMBOX_PASSPORT_LDAP_AUTOCREATE_CLIENT

Assign client to auto created user (for multi-tenancy environments, see below)