Welcome to the https://github.com/GluuFederation/agama-ldap project. This project is governed by Gluu and published under an Apache 2.0 license. It provides various flows to password authenticate a person.
Password authentication is still useful ! ! !
This is also a great project to fork if you want to write a “Hello World” Agama project.
- Jans Auth Server
- Gluu Flex
This is the classic combined username / password form authentication workflow. The sequence diagram below shows the good flow.
Below is a typical agama-ldap flow
{
"org.gluu.agama.ldap.pw.main": {
"lockConfig": {
"MAX_LOGIN_ATTEMPT": 6,
"ENABLE_LOCK": true,
"LOCK_EXP_TIME": 180
},
"useInternalLdapConfig": false,
"serversConfig": [
{
"configId": "ad_1",
"bindDN": "cn=directory manager",
"bindPassword": "encoded_password/plain_passowrd",
"servers": ["localhost:1389"],
"maxConnections": 3,
"useSSL": false,
"baseDNs": ["ou=people,o=jans"],
"loginAttributes": ["uid"],
"localLoginAttributes": ["uid"]
},
{
"configId": "ad_2",
"servers": ["localhost:2389"],
"bindDN": "cn=directory manager",
"bindPassword": "encoded_password/plain_passowrd",
"useSSL": false,
"maxConnections": 3,
"baseDNs": ["ou=people,o=jans"],
"loginAttributes": ["mail"],
"localLoginAttributes": ["mail"]
}
]
}
}
- MAX_LOGIN_ATTEMPT: Is the maximum failed login attempt before the user account is locked
- ENABLE_LOCK: true/false, this is use to enable the Account Lock feature
- LOCK_EXP_TIME: The time in seconds befor a locked account is unlock.
- useInternalLdapConfig: Specify which LDAP configuration to use.
truemeans that agama-ldap should use Jans Auth LDAP server configurations.falseallow to specify LDAP configurations inserverConfigsection. - serversConfig: One or more LDAP server configurations
These are sample setting for useInternalLdapConfig = true:
This project is licensed under the Apache 2.0