Simple LDAP

The Simple LDAP authentication provider authenticates connections against a Directory (LDAP). To create a SimpleLDAPAuthenticationProvider the following mandatory fields are required:

LDAP server URL: the URL of the Directory server, for example ldaps://example.com:636.

Search context: the distinguished name of the search base object. It defines the location from which the search for users begins, for example dc=users,dc=example,dc=com.

Search filter: an LDAP search filter template used to find the user's entry from the supplied user name; {0} is replaced by the user name, for example (uid={0}).

Additionally, the following optional fields can be specified:

LDAP context factory: the fully qualified class name of the JNDI LDAP context factory. The class must implement the InitialContextFactory interface and produce DirContext instances. If not specified, com.sun.jndi.ldap.LdapCtxFactory is used.

LDAP authentication URL: the URL of the LDAP server used for the LDAP bind. If not specified, the LDAP server URL is used for both searches and authentication binds.

Truststore name: the name of a configured truststore. Use this when connecting to a Directory over SSL/TLS (that is, ldaps://) whose certificate is signed by a private CA or is self-signed.

Because LDAP authentication requires the user's password to pass through the Broker to the Directory, you must protect it in transit on both hops:

Use SSL/TLS on the Broker's AMQP, HTTP and JMX ports, so that the password is protected between the client and the Broker. The Broker enforces this restriction automatically on AMQP and HTTP ports.

Authenticate to the Directory over SSL/TLS (that is, ldaps://), so that the password is protected between the Broker and the Directory.

The LDAP authentication provider works as follows. Unless it is configured in bind-without-search mode, it first connects to the Directory (using the LDAP server URL) and searches for the entry identified by the user name: the search starts at the distinguished name given by Search context, uses Search filter with the user name substituted for {0}, and has sub-tree scope, so it covers the base object and the whole subtree beneath it. If the search returns a match (or the provider is in bind-without-search mode, in which case the search step is skipped), the provider then attempts to bind to the LDAP server (using the LDAP authentication URL) with that name and the supplied password. Note that LDAP simple authentication is used for this bind, so the password is sent to the Directory in the clear within the LDAP protocol; this is why the connection to the Directory must itself be encrypted.
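The search-then-bind flow described above, written out with plain JNDI as an added example. This is illustrative code, not the Broker's own implementation: the field values (URLs, search context, filter) are placeholders, the bind-without-search branch assumes the supplied user name is used directly as the bind name, and the empty-password check and the duplicate-match check are hardening choices of this example rather than documented Broker behaviour.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

/** Search-then-bind against an LDAP directory; example code, not the Broker's implementation. */
public final class LdapSearchThenBind {

    // Counterparts of the provider's fields; the values are assumed examples.
    private final String contextFactory = "com.sun.jndi.ldap.LdapCtxFactory"; // LDAP context factory
    private final String providerUrl = "ldaps://example.com:636";            // LDAP server URL (search)
    private final String authUrl = providerUrl;                              // LDAP authentication URL (bind)
    private final String searchContext = "dc=users,dc=example,dc=com";       // Search context
    private final String searchFilter = "(uid={0})";                         // Search filter, {0} = user name
    private final boolean bindWithoutSearch = false;

    /** Step 1: find the user's entry. Returns its DN, or null when nothing matches. */
    String findUserDn(String username) throws NamingException {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, contextFactory);
        env.put(Context.PROVIDER_URL, providerUrl);
        // Anonymous search; a directory that forbids it needs a dedicated search account here.
        DirContext ctx = new InitialDirContext(env);
        try {
            SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE); // base object plus everything beneath it
            controls.setReturningAttributes(new String[0]);        // we only need the DN
            // Pass the user name as a filter argument: JNDI substitutes {0} and escapes
            // filter metacharacters, so "*)(uid=*" cannot rewrite the filter.
            NamingEnumeration<SearchResult> results =
                    ctx.search(searchContext, searchFilter, new Object[] { username }, controls);
            try {
                if (!results.hasMore()) {
                    return null;
                }
                String dn = results.next().getNameInNamespace();
                if (results.hasMore()) {
                    // Example-specific hardening: an ambiguous filter is an error, not a coin toss.
                    throw new NamingException("filter matched more than one entry for " + username);
                }
                return dn;
            } finally {
                results.close();
            }
        } finally {
            ctx.close();
        }
    }

    /** Step 2: LDAP simple bind with the resolved name and the user's password. */
    boolean bind(String name, char[] password) throws NamingException {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, contextFactory);
        env.put(Context.PROVIDER_URL, authUrl);
        env.put(Context.SECURITY_AUTHENTICATION, "simple"); // password is sent in the clear inside LDAP
        env.put(Context.SECURITY_PRINCIPAL, name);          // hence authUrl must be ldaps://
        env.put(Context.SECURITY_CREDENTIALS, new String(password));
        try {
            new InitialDirContext(env).close(); // a successful bind is all we need
            return true;
        } catch (AuthenticationException e) {
            return false;
        }
    }

    public boolean authenticate(String username, char[] password) throws NamingException {
        // Example-specific hardening: RFC 4513 lets a server treat a DN with an empty
        // password as an unauthenticated bind, which would "succeed" for any user.
        if (username == null || password == null || password.length == 0) {
            return false;
        }
        String name = bindWithoutSearch ? username : findUserDn(username); // assumption, see lead-in
        return name != null && bind(name, password);
    }
}
```

Two points the code makes concrete: the search and the bind are separate connections, which is why the Broker offers a distinct LDAP authentication URL, and the bind is a plain "simple" bind, so an ldap:// URL in either place puts the password on the wire unencrypted. JNDI trusts the JVM's default trust store for ldaps://; within the Broker, the Truststore name field is what supplies a private CA or self-signed certificate instead.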