# LDAP

{% hint style="info" %}
This is an older version of the document. To view the most recent version of the document, click [here](https://docs.opsmx.com/products/orchestration-module-opsmx-enterprise-for-spinnaker-oes/additional-feature-configuration/secure-spinnaker/authorization/user-role-providers/ldap).
{% endhint %}

## Setup LDAP Authorization for Spinnaker <a href="#setup-ldap-authorization-for-spinnaker" id="setup-ldap-authorization-for-spinnaker"></a>

### LDAP Authorization Overview <a href="#ldap-authorization-overview" id="ldap-authorization-overview"></a>

* To retrieve groups from an LDAP directory, a manager’s username/password can be used to bind to the directory and search for a user’s groups.

### User DNs Pattern <a href="#user-dns-pattern" id="user-dns-pattern"></a>

* While searching for a user’s groups, 'userDnPattern' can be used to construct the user’s full distinguished name (DN). In the case below, the user would have a full DN of 'uid=,ou=users,dc=,dc=<.com/.net>'.
* The search would be rooted at 'ou=groups,dc=,dc=net', looking for directory entries that include the attribute 'uniqueMember=uid=,ou=users,dc=,dc=<.com/.net>', which is the structure for the 'groupOfUniqueNames' group standard.
* The group/role name can be extracted using 'groupRoleAttribute'. For example, all entries that pass the filter will then have the cn (common name) attribute returned.

### Configure LDAP Auth using Halyard <a href="#configure-ldap-auth-using-halyard" id="configure-ldap-auth-using-halyard"></a>

* Use Halyard to configure Fiat with the LDAP manager credentials and search patterns:

  ```
  hal config security authz ldap edit \
  --url ldaps://<ldap.mydomain.net>:636/dc=mydomain,dc=net \
  --manager-dn uid=admin,ou=system \
  --manager-password \
  --user-dn-pattern uid={0},ou=users \
  --group-search-base ou=groups \
  --group-search-filter "(uniqueMember={0})" \
  --group-role-attributes cn
  ```
* Now edit the security authorization type using the below command:

  ```
  hal config security authz edit --type ldap
  ```
* Enable LDAP authorization using the below command:

  ```
  hal config security authz enable
  ```
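
To check the group lookup against the directory before enabling authorization, the script below builds the `ldapsearch` command that corresponds to the settings in the `hal` command above. It is an added example, not OpsMx or Spinnaker code; the sample user `jdoe`, the subtree scope (`-s sub`) and the use of the OpenLDAP `ldapsearch` client are assumptions.

```bash
#!/bin/sh
# Added example: values mirror the hal command on this page.
LDAP_URI="ldaps://ldap.mydomain.net:636"   # host part of --url (ldapsearch -H takes no DN)
BASE_DN="dc=mydomain,dc=net"               # DN part of --url
MANAGER_DN="uid=admin,ou=system"
USER_DN_PATTERN="uid={0},ou=users"
GROUP_SEARCH_BASE="ou=groups"
GROUP_SEARCH_FILTER="(uniqueMember={0})"
GROUP_ROLE_ATTRIBUTE="cn"

# Allowlist usernames so nothing DN-special (comma, plus, quotes) reaches the pattern.
valid_username() {
  case "$1" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
}

# RFC 4515 escaping for a value placed inside a search filter.
escape_filter_value() {
  printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Replace the first {0} in template $1 with $2 (plain string splice, no regex).
fill_placeholder() {
  fp_pre=${1%%\{0\}*}
  fp_post=${1#*\{0\}}
  printf '%s%s%s' "$fp_pre" "$2" "$fp_post"
}

# Full user DN: the pattern with the username filled in, relative to the base DN.
user_dn() {
  valid_username "$1" || { echo "rejected username: $1" >&2; return 1; }
  printf '%s,%s' "$(fill_placeholder "$USER_DN_PATTERN" "$1")" "$BASE_DN"
}

# Group filter with the escaped user DN substituted for {0}.
group_filter() {
  gf_dn=$(user_dn "$1") || return 1
  fill_placeholder "$GROUP_SEARCH_FILTER" "$(escape_filter_value "$gf_dn")"
}

# Print the ldapsearch command; -W prompts for the manager password
# so it never lands in shell history. Scope (-s sub) is an assumption.
group_search_cmd() {
  gs_filter=$(group_filter "$1") || return 1
  printf "ldapsearch -LLL -H %s -D '%s' -W -b '%s,%s' -s sub '%s' %s\n" \
    "$LDAP_URI" "$MANAGER_DN" "$GROUP_SEARCH_BASE" "$BASE_DN" "$gs_filter" "$GROUP_ROLE_ATTRIBUTE"
}

group_search_cmd jdoe   # jdoe is a constructed sample user
```

The `cn` values returned by the printed command are the role names the user should receive; an empty result means the search base, filter or user DN pattern does not match the directory layout.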


