LDAP Authentication
The LDAP Authentication configuration category includes the following configurable options:
- Authentication: User Attributes to query
- Authentication: User Base DN
- Authentication: User Query
- Require Group DN
- Base DN for Groups
- Search Groups Recursively
- System User DN
- System User Password
- LDAP Server URL
- Global Permissions
- Native Permission User Attribute
- User Attribute: Family Name
- User Attribute: Given Name

| Authentication: User Attributes to query | |
| --- | --- |
| Type | STRING |
| Description | If set, provides a space-separated list of attributes to query. The default is empty, which includes all static attributes. |
| Default | (no default) |

| Authentication: User Base DN | |
| --- | --- |
| Type | STRING |
| Description | When authenticating users, this is the base DN used to attempt to bind the user. |
| Default | (no default) |

| Authentication: User Query | |
| --- | --- |
| Type | STRING |
| Description | This query is used to locate the authenticating user in order to attempt a bind. |
| Default | userPrincipalName={0} |

| Require Group DN | |
| --- | --- |
| Type | STRING |
| Description | If set, specifies the DN for a required group. Users are only permitted to authenticate if they are a member of this group. |
| Default | (no default) |

| Base DN for Groups | |
| --- | --- |
| Type | STRING |
| Description | The DN to use when searching for groups. |
| Default | (no default) |

| Search Groups Recursively | |
| --- | --- |
| Type | BOOLEAN |
| Description | If enabled, groups are searched for at any level below the value of groups.basedn, not just directly under that level. |
| Default | false |

| System User DN | |
| --- | --- |
| Type | STRING |
| Description | The identity for the user account that Smile CDR will use for system operations. |
| Default | (no default) |

| System User Password | |
| --- | --- |
| Type | PASSWORD |
| Description | The password for the user account that Smile CDR will use for system operations. |
| Default | (no default) |

| LDAP Server URL | |
| --- | --- |
| Type | STRING |
| Description | The URL to connect to the LDAP server (e.g. ldap://example.com:389). |
| Default | (no default) |

| Global Permissions | |
| --- | --- |
| Type | STRING |
| Description | A comma-separated list of permissions to grant all users who authenticate using this module (e.g. ROLE_FHIR_CLIENT, FHIR_READ_ALL_IN_COMPARTMENT/Patient/123). |
| Default | (no default) |

| Native Permission User Attribute | |
| --- | --- |
| Type | STRING |
| Description | If specified, this user attribute will be treated as having native Smile CDR permission strings that will be granted to users. |
| Default | smileCdrPermission |

| User Attribute: Family Name | |
| --- | --- |
| Type | STRING |
| Description | The name of the LDAP User Attribute from which to read the user's family (last) name. |
| Default | sn |

| User Attribute: Given Name | |
| --- | --- |
| Type | STRING |
| Description | The name of the LDAP User Attribute from which to read the user's given (first) name. |
| Default | givenName |
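
To check a User Base DN, User Query and attribute list against the directory before saving them, the query can be expanded by hand and run with OpenLDAP's ldapsearch, binding as the System User DN. This is an added example, not Smile CDR code: the function names and sample DNs are hypothetical, and how Smile CDR itself substitutes and escapes {0} is not stated on this page.

```python
import shlex

# RFC 4515 section 3: characters that must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a login name so it is matched literally, never parsed as filter syntax."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(user_query: str, login: str) -> str:
    """Substitute the escaped login name for {0} in a User Query template."""
    if "{0}" not in user_query:
        raise ValueError("User Query has no {0} placeholder")
    body = user_query.replace("{0}", escape_filter_value(login))
    # LDAP filters are parenthesised; the documented default is written without them.
    return body if body.startswith("(") else f"({body})"


def ldapsearch_argv(url, system_dn, base_dn, ldap_filter, attrs="", subtree=True):
    """Build argv for an OpenLDAP ldapsearch run with a simple bind (-x).

    -W prompts for the bind password, so it is not stored in shell history.
    subtree=False limits the search to entries directly under base_dn; this is
    assumed to correspond to leaving Search Groups Recursively at false.
    attrs takes the same space-separated form as "User Attributes to query".
    """
    scope = "sub" if subtree else "one"
    return ["ldapsearch", "-x", "-H", url, "-D", system_dn, "-W",
            "-b", base_dn, "-s", scope, ldap_filter, *attrs.split()]


if __name__ == "__main__":
    # Constructed sample values; only userPrincipalName={0}, sn, givenName and
    # the example URL come from this page.
    flt = build_user_filter("userPrincipalName={0}", "alice@example.com")
    argv = ldapsearch_argv("ldap://example.com:389",
                           "cn=svc-smile,ou=service,dc=example,dc=com",
                           "ou=people,dc=example,dc=com",
                           flt, "sn givenName")
    print(shlex.join(argv))
```

If the command returns exactly one entry for a known login, the base DN and query identify that user unambiguously; zero or several entries means the bind attempt would have no single DN to use.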