LDAP Policy can be used when the user needs to be authenticated and limit the access to protected resources to certain users. The policy is also designed for retrieving DN (Digital Number) metadata for use in API proxy flows.
For example, you can have an API call execute only when a user is successfully authenticated against LDAP; and then optionally retrieve DN attributes for the user after authentication succeeds.
Configuration
The properties that have to be configured to use the policy are described below.
Figure 1: LDAP Policy Configuration attributes (for Authentication policy type)
Property | Description |
|---|---|
| LDAP Connector Class | When using the LDAP Policy with a custom LDAP provider, specify the fully qualified LDAP connector class. That’s the class in which you implemented LDAPConnectionProvider interface. If it is set to default, built-in LDAP connector will be used. |
| LDAP Resource | Select the LDAP resource. See Create an LDAP resource for more information. |
| LDAP Policy Type | The functionalities of LDAP Policy are:
Policy configuration based on Policy Types are explained in a later section. |
| User Name | Username against which authentication is done. |
| Password | Password attached to the user name. |
| SearchQuery | Applicable for the following Policy Types:
|
| BaseDN | The base level of LDAP under which all of your data exists. |
| LDAP Scope | LDAP scopes are:
|
| Additional Attributes | Attributes that need to be retrieved on searching. Refer Additional Attributes section for detailed information. |
Edit 
button against the Policies tab helps to rename the policy ID, that is, the policy name appearing under Policies.