Agama Project for LDAP authentication with TLS and clustering


yuremm/agama-ldap

 
 


Gluu agama-ldap

Welcome to the https://github.com/GluuFederation/agama-ldap project. This project is governed by Gluu and published under an Apache 2.0 license. It provides various flows to authenticate a person with a password.

Password authentication is still useful!!!

This is also a great project to fork if you want to write a “Hello World” Agama project.

Implementations

  • Jans Auth Server
  • Gluu Flex

Flow: One-step password authn

This is the classic combined username / password form authentication workflow. The sequence diagram below shows the successful flow.

[Figure: agama-ldap sequence diagram]

Flow Configuration

Below is a typical agama-ldap flow configuration:

{
  "org.gluu.agama.ldap.pw.main": {
      "lockConfig": {
          "MAX_LOGIN_ATTEMPT": 6,
          "ENABLE_LOCK": true,
          "LOCK_EXP_TIME": 180
      },
      "useInternalLdapConfig": false,
      "serversConfig": [
          {
              "configId": "ad_1",
              "bindDN": "cn=directory manager",
              "bindPassword": "encoded_password/plain_password",
              "servers": ["localhost:1389"],
              "maxConnections": 3,
              "useSSL": false,
              "baseDNs": ["ou=people,o=jans"],
              "loginAttributes": ["uid"],
              "localLoginAttributes": ["uid"]
           },
           {
              "configId": "ad_2",
              "servers": ["localhost:2389"],
              "bindDN": "cn=directory manager",
              "bindPassword": "encoded_password/plain_password",
              "useSSL": false,
              "maxConnections": 3,
              "baseDNs": ["ou=people,o=jans"],
              "loginAttributes": ["mail"],
              "localLoginAttributes": ["mail"]
           }
       ]
  }
}

  • MAX_LOGIN_ATTEMPT: The maximum number of failed login attempts before the user account is locked.
  • ENABLE_LOCK: true/false; enables the account lock feature.
  • LOCK_EXP_TIME: The time in seconds before a locked account is unlocked.
  • useInternalLdapConfig: Specifies which LDAP configuration to use. true means that agama-ldap uses the Jans Auth LDAP server configurations; false allows LDAP configurations to be specified in the serversConfig section.
  • serversConfig: One or more LDAP server configurations.
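A check that can be run over a flow configuration like the one above before it is deployed (an added example, not part of the agama-ldap project). It assumes that the keys shown in the sample are required and that useSSL set to false means the LDAP connection is not encrypted; the function name audit_flow_config and the sample input are constructed for illustration.

```python
import json

FLOW = "org.gluu.agama.ldap.pw.main"
# Assumption: these keys, taken from the sample on this page, are treated as required.
REQUIRED = ("configId", "bindDN", "bindPassword", "servers", "baseDNs", "loginAttributes")

def audit_flow_config(text):
    """Return a list of (location, finding) tuples for an agama-ldap flow config."""
    findings = []
    cfg = json.loads(text).get(FLOW)
    if cfg is None:
        return [(FLOW, "flow configuration missing")]
    lock = cfg.get("lockConfig", {})
    if lock.get("ENABLE_LOCK") is not True:
        findings.append(("lockConfig", "account lock disabled"))
    else:
        for key in ("MAX_LOGIN_ATTEMPT", "LOCK_EXP_TIME"):
            val = lock.get(key)
            if isinstance(val, bool) or not isinstance(val, int) or val <= 0:
                findings.append(("lockConfig", f"{key} must be a positive integer"))
    if cfg.get("useInternalLdapConfig") is True:
        return findings  # Jans Auth's own LDAP settings apply; serversConfig not checked
    servers = cfg.get("serversConfig") or []
    if not servers:
        findings.append(("serversConfig", "no LDAP server defined"))
    seen = set()
    for i, srv in enumerate(servers):
        where = srv.get("configId") or f"serversConfig[{i}]"
        findings += [(where, f"missing or empty {k}") for k in REQUIRED if not srv.get(k)]
        if where in seen:
            findings.append((where, "duplicate configId"))
        seen.add(where)
        if srv.get("useSSL") is not True:
            findings.append((where, "useSSL is not true: passwords may be sent unencrypted"))
    return findings

# Constructed sample: one server with useSSL off and the account lock disabled.
SAMPLE = json.dumps({FLOW: {
    "lockConfig": {"MAX_LOGIN_ATTEMPT": 6, "ENABLE_LOCK": False, "LOCK_EXP_TIME": 180},
    "useInternalLdapConfig": False,
    "serversConfig": [{"configId": "ad_1", "bindDN": "cn=directory manager",
                       "bindPassword": "placeholder", "servers": ["localhost:1389"],
                       "useSSL": False, "baseDNs": ["ou=people,o=jans"],
                       "loginAttributes": ["uid"], "localLoginAttributes": ["uid"]}]}})

if __name__ == "__main__":
    for where, finding in audit_flow_config(SAMPLE):
        print(f"{where}: {finding}")
```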

TUI sample settings:

These are sample settings for useInternalLdapConfig = true:

[Images: tui_ldap_1, tui_ldap_2]

License

This project is licensed under the Apache 2.0 license.
