Setup LDAP Authentication for PoolParty
This configuration switches PoolParty authentication to LDAP, so that users can log in with their LDAP credentials.
Users have to be created in PoolParty with the appropriate roles and groups.
Warning
Before you configure LDAP authentication, you must create at least one user in PoolParty who is assigned both the PoolPartyUser and the PoolPartySuperAdmin roles and who also exists in LDAP.
The username must match the LDAP username!
STEP 1: Stop the PoolParty Server
STEP 2: Adapt the auth.xml File
Replace the content of the file with the sample configuration provided below. The file is located at one of these paths, depending on your operating system:
GNU/Linux: /opt/poolparty/config/auth.xml
Windows: C:\Users\Public\PoolParty\config\auth.xml
Change the variables {LDAP_SERVER_URLS}, {USER_DN} and {CUSTOM_DN} according to your LDAP server setup (see also the Spring - LDAP Authentication documentation).
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xmlns:ldap="http://www.springframework.org/schema/ldap"
             xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
                                 http://www.springframework.org/schema/ldap http://www.springframework.org/schema/ldap/spring-ldap.xsd
                                 http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.1.xsd">

    <beans:bean id="pptLdapAuthenticationProvider" class="biz.poolparty.security.users.ldap.PPTLdapAuthenticationProvider">
        <beans:constructor-arg>
            <beans:bean id="authenticator" class="biz.poolparty.security.users.ldap.PPTLdapAuthenticator">
                <beans:constructor-arg ref="contextSource"/>
                <beans:constructor-arg ref="ldapTemplate"/>
                <!-- Distinguish user name pattern || ou=people -->
                <beans:property name="dnPattern" value="{USER_DN}"/>
                <!-- Distinguish custom property pattern (uid, employeeNumber, whatever) -->
                <beans:property name="caPattern" value="{CUSTOM_DN}"/>
            </beans:bean>
        </beans:constructor-arg>
        <beans:constructor-arg>
            <beans:bean id="authoritiesPopulator" class="org.springframework.security.ldap.authentication.UserDetailsServiceLdapAuthoritiesPopulator">
                <beans:constructor-arg ref="defaultUserDetailsService"/>
            </beans:bean>
        </beans:constructor-arg>
    </beans:bean>

    <ldap:ldap-template id="ldapTemplate" context-source-ref="contextSource"/>

    <beans:bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
        <beans:constructor-arg value="{LDAP_SERVER_URLS}"/>
        <!-- Account used to query LDAP. Replace both placeholders completely, including the
             angle brackets: a raw "<" inside an attribute value is not well-formed XML. -->
        <beans:property name="userDn" value="<USER-ALLOWED-TO-QUERY-LDAP>"/>
        <beans:property name="password" value="<PASSWORD>"/>
    </beans:bean>

    <authentication-manager>
        <authentication-provider ref="pptLdapAuthenticationProvider"/>
    </authentication-manager>

</beans:beans>
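A pre-flight check for the edited auth.xml before the server is started again, as an added example (not PoolParty's own code): it reports template variables that were left unreplaced, XML that is not well-formed, server URLs that are not ldaps://, and an empty bind DN or password. The function name and the sample host names and DNs are constructed, and it assumes that multiple server URLs are separated by whitespace.

```python
import re
import xml.etree.ElementTree as ET

BEANS = "{http://www.springframework.org/schema/beans}"
# Template variables used by the sample configuration: {USER_DN}, <PASSWORD>, ...
PLACEHOLDER = re.compile(r"\{[A-Z][A-Z_-]*\}|<[A-Z][A-Z-]*>")

def check_auth_xml(text):
    """Return findings for an edited auth.xml; an empty list means none found."""
    findings = [f"placeholder not replaced: {p}"
                for p in sorted(set(PLACEHOLDER.findall(text)))]
    try:
        root = ET.fromstring(text.encode("utf-8"))
    except ET.ParseError as exc:
        return findings + [f"not well-formed XML: {exc}"]
    ctx = next((b for b in root.iter(BEANS + "bean")
                if b.get("id") == "contextSource"), None)
    if ctx is None:
        return findings + ["contextSource bean missing"]
    arg = ctx.find(BEANS + "constructor-arg")
    # Assumption: several server URLs are given as one whitespace-separated value.
    urls = (arg.get("value", "") if arg is not None else "").split()
    if not urls:
        findings.append("contextSource has no LDAP server URL")
    for url in urls:
        # Plain ldap:// does not negotiate TLS when the connection is opened.
        if not url.lower().startswith("ldaps://"):
            findings.append(f"URL is not ldaps://: {url}")
    props = {p.get("name"): p.get("value", "")
             for p in ctx.findall(BEANS + "property")}
    for name in ("userDn", "password"):
        # A simple bind with an empty password is an unauthenticated bind.
        if not props.get(name):
            findings.append(f"contextSource property empty or missing: {name}")
    return findings

# Constructed sample: a trimmed auth.xml with invented host names and DNs.
SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns:beans="http://www.springframework.org/schema/beans">
  <beans:bean id="contextSource"
      class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
    <beans:constructor-arg value="ldap://ldap1.example.org:389/dc=example,dc=org ldaps://ldap2.example.org:636/dc=example,dc=org"/>
    <beans:property name="userDn" value="cn=poolparty-bind,dc=example,dc=org"/>
    <beans:property name="password" value=""/>
  </beans:bean>
</beans:beans>"""

print("\n".join(check_auth_xml(SAMPLE)))
```
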