Skip to content
← General

I suggest you ...

General

Categories

JUMP TO ANOTHER FORUM

(thinking…)

Advanced LDAP Support

Plastic currently only supports basic LDAP integration.

In real-world scenarios, things aren't as clear cut and simple.
I propose extending LDAP support in the following ways:

  1. Support secure LDAP (LDAPs). Including self-signed certificates on the LDAPs server.
  2. Ability to specify Root DN.
  3. Ability to specify User search Base.
  4. Ability to specify User search filter (ie, something like sAMAccountName={0}).
  5. Ability to Specify Group Search Base.
  6. Ability to Specify Group Search Filter ((& (cn={0}) (objectclass=group) ))
  7. Group Membership definitions (can optimize with memberOf property).
  8. Configurable Local Caching of credentials, TTL etc ....
47 votes
Vote

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
You have left! (?) (thinking…)
Chong Yan shared this idea  ·   ·  Report…  ·  Admin →
completed  ·  AdminCodice Software (CEO / Founder, plasticscm) responded  · 

Hi,

We have released the following task. it’s compatible with the new .NET Core Plastic server:

[New] 9.0.16.4227

Server: secure LDAP connections now supported on port 636

We added support to the Plastic server for SSL connections to your LDAP server.

Configure your server (using the “plasticd configure” command, or the web based administration tool) to switch the LDAP port from 389 to 636 to take advantage of a secure connection to LDAP, assuming your LDAP server is configured to support this.

Regards,

Carlos.

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • AdminCodice Software (CEO / Founder, plasticscm) commented  ·   ·  Report

    Hi,

    We have released the following task. it's compatible with the new .NET Core Plastic server:

    [New] 9.0.16.4227

    Server: secure LDAP connections now supported on port 636

    We added support to the Plastic server for SSL connections to your LDAP server. Configure your server (using the "plasticd configure" command, or the web based administration tool) to switch the LDAP port from 389 to 636 to take advantage of a secure connection to LDAP, assuming your LDAP server is configured to support this.

    Regards,

    Carlos.

  • Stuart commented  ·   ·  Report

    Plastic is at risk from a corporate security policy without this.

  • Krzysztof commented  ·   ·  Report

    +1!

    #1-6 are a must have. Without this integrating Plastic with LDAP servers is very problematic for some setups. No support for LDAPS (LDAP Secure) or search filters is just shocking.

  • AndréM commented  ·   ·  Report

    LDAPS is very important for us (like HTTPS for everything)

  • Chong Yan commented  ·   ·  Report

    #7: I've noticed most LDAP connectors determine group membership by running additional queries after the user login query. This is pretty inefficient. Group membership can be inferred by simply parsing the memberOf property that comes with the login query (This is not standard on all LDAP servers, but tends to be on AD servers by default).

    #8: You probably don't want to query the LDAP server repeated for the same user logins. You can cache the credentials locally, and allow for much more responsive logins. The TTL setting allows you to fine tune how long to keep these cached credentials.