LDAP Policy can be used when the user needs to be authenticated while limiting the access to protected resources for certain users. The policy is also designed for retrieving Digital Number (DN) metadata for use in API proxy flows.
For example, an API call may be executed only after a user gets successfully authenticated against LDAP. Then DN attributes may be retrieved optionally for the user after the authentication succeeds.
Configuration
The properties that have to be configured to use the policy are described below.
Figure 1: LDAP Policy Configuration attributes (for Authentication policy type)
Property | Description |
|---|---|
| LDAP Connector Class | When using the LDAP Policy with a custom LDAP provider, specify the fully qualified LDAP connector class. This is the class in which LDAPConnectionProvider interface is implemented. If set to default, the built-in LDAP connector will be used. |
| LDAP Resource | Select the LDAP resource. Refer to Using LDAP Policy for more information. |
| LDAP Policy Type | The functionalities of LDAP Policy are:
Policy configuration based on Policy Types are explained in the next sections. |
| User Name | Username against which authentication is done. |
| Password | Password attached to the user name. |
| SearchQuery | Applicable for the following Policy Types:
|
| BaseDN | The base level of LDAP under which all data exists. |
| LDAP Scope | LDAP scopes are:
|
| Additional Attributes | Attributes that need to be retrieved upon a search. Refer to the Additional Attributes section for detailed information. |
Edit 
button in the Policies tab helps to rename the policy ID (the policy name that appears under Policies).