Overview
Configure Maverics to source attributes for claims, headers and authorization rules from a directory using the LDAP protocol.
Identity Fabric → LDAP Attribute Provider → Configure Identity Fabric → Select as attribute provider in user flow
Steps
1. Go to Identity Fabric and select LDAP attribute provider from the list.
2. Configure the Identity Fabric for your LDAP instance.
3. Set up an attribute provider in a user flow:
   - Select your LDAP identity fabric in the Attribute Provider section.
   - Select the Identity Provider that is being used for authentication.
   - Select the attribute provided by the IdP that will be mapped to the OUD Search Key to look up attributes.
Using it in a user flow
- Authorization: select attributes from your LDAP provider for role-based or attribute-based policies.
- Claims & Headers: select attributes from your LDAP provider to be included in OIDC claims, SAML assertions, or Proxy App headers.
Configure Identity Fabric
LDAP attribute providers only pull user attributes, such as group membership, over the LDAP protocol; they cannot be used as an identity provider or authentication service. Maverics requires the following information for an LDAP attribute provider.
Use a Secret Provider
Production deployments should use a secret management system. Maverics integrates with several secret management systems, which hold the secrets that Orchestrator instances retrieve at startup. To reference a secret from your provider, enclose its name in angle brackets, e.g. <app client-id>; the Service Account Password below is written this way.
Learn more about Secret Providers
| Attribute | Description | Example |
|---|---|---|
| Name | A friendly name for your LDAP attribute provider. | |
| URL | The URL of the LDAP server that Maverics connects to. | |
| Service Account Username | The DN or username used to bind to the LDAP server. | `cn=exampleUsername,dc=example,dc=com` |
| Service Account Password | The password used to bind to the LDAP server; reference it from a secret provider. | `<examplePassword>` |
| Attribute Delimiter | (Optional) The delimiter used to separate the values of multi-valued attributes. Only needed if an attribute is multi-valued. If no value is provided, `,` is used. | `,` |
| Base DN | The location in the directory under which the LDAP search is performed. | `ou=Engineering,ou=People,dc=example,dc=com` |
| OUD Search Key | The attribute to filter on during query and bind operations; the IdP attribute selected in the user flow is matched against it. | `uid` |
JSON deployed to an orchestrator
```json
{
  "connectors": [
    {
      "type": "ldap",
      "enableAuthentication": true,
      "usernameSearchKey": "uid",
      "baseDN": "ou=Engineering,ou=People,dc=example,dc=com",
      "authenticationSearchScope": "singleLevel",
      "serviceAccountUsername": "cn=exampleUsername,dc=example,dc=com",
      "serviceAccountPassword": "<examplePassword>"
    }
  ]
}
```
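To make the fields in the table and the connector JSON above concrete, the following is an added example in Python; it is not Maverics code and not from this page. It loads the connector JSON as shown, then models the lookup the fields imply: build an equality filter on the OUD Search Key from the IdP-supplied value, restrict results to the Base DN at the configured search scope, and flatten multi-valued attributes with the Attribute Delimiter. The directory it searches is a constructed in-memory dictionary standing in for a real LDAP server, the service-account bind is not simulated, and joining values with the delimiter is an assumption about how a header or claim carries them. The RFC 4515 escaping of the search value is standard practice for any value interpolated into a filter, not something the page states.

```python
"""Model of the attribute-provider lookup described above (added example)."""
import json

# The connector configuration from the page, loaded as-is.
CONNECTOR_JSON = """
{
  "connectors": [
    {
      "type": "ldap",
      "enableAuthentication": true,
      "usernameSearchKey": "uid",
      "baseDN": "ou=Engineering,ou=People,dc=example,dc=com",
      "authenticationSearchScope": "singleLevel",
      "serviceAccountUsername": "cn=exampleUsername,dc=example,dc=com",
      "serviceAccountPassword": "<examplePassword>"
    }
  ]
}
"""
CONFIG = json.loads(CONNECTOR_JSON)["connectors"][0]

# Constructed directory standing in for the LDAP server: DN -> attributes.
# LDAP returns every attribute as a list of values.
DIRECTORY = {
    "uid=alice,ou=Engineering,ou=People,dc=example,dc=com": {
        "uid": ["alice"],
        "mail": ["alice@example.com"],
        "memberOf": ["cn=dev,ou=Groups,dc=example,dc=com",
                     "cn=admins,ou=Groups,dc=example,dc=com"],
    },
    # One level below the base DN: found by a subtree search, not by singleLevel.
    "uid=bob,ou=Contractors,ou=Engineering,ou=People,dc=example,dc=com": {
        "uid": ["bob"], "mail": ["bob@example.com"], "memberOf": [],
    },
    # Outside the base DN entirely: never returned.
    "uid=carol,ou=Sales,ou=People,dc=example,dc=com": {
        "uid": ["carol"], "mail": ["carol@example.com"], "memberOf": [],
    },
}


def escape_filter_value(value):
    """RFC 4515 escaping of a value placed inside a search filter.

    The search value comes from an IdP attribute, so it is treated as data:
    '*', '(', ')', '\\' and NUL become a backslash plus two hex digits."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)


def build_filter(search_key, value):
    """Equality filter on the OUD Search Key, e.g. '(uid=alice)'."""
    return "(%s=%s)" % (search_key, escape_filter_value(value))


def unescape_filter_value(raw):
    """Reverse of escape_filter_value, as the server does before comparing."""
    out, i = [], 0
    while i < len(raw):
        if raw[i] == "\\" and i + 2 < len(raw):
            out.append(chr(int(raw[i + 1:i + 3], 16)))
            i += 3
        else:
            out.append(raw[i])
            i += 1
    return "".join(out)


def matches(filt, entry):
    """Evaluate one equality filter as a server would: a bare '*' is a
    presence test, while an escaped '\\2a' is a literal asterisk."""
    attr, _, raw = filt[1:-1].partition("=")
    if raw == "*":
        return attr in entry
    wanted = unescape_filter_value(raw).lower()
    return any(v.lower() == wanted for v in entry.get(attr, []))


def in_scope(dn, base_dn, scope):
    """Apply the search scope relative to the Base DN. Plain comma counting;
    escaped commas inside an RDN value are not handled in this model."""
    dn_l, base_l = dn.lower(), base_dn.lower()
    if dn_l == base_l:
        return scope in ("base", "subtree")
    if not dn_l.endswith("," + base_l):
        return False
    depth = dn_l[: -len(base_l) - 1].count(",") + 1  # RDNs below the base
    return scope == "subtree" or (scope == "singleLevel" and depth == 1)


def resolve_attributes(config, search_value, scope=None, delimiter=","):
    """Find the single entry matching the IdP-supplied value and flatten it.
    Multi-valued attributes are joined with the Attribute Delimiter (assumed
    here to be how values are flattened for a header or claim). Returns None
    when no entry, or more than one entry, matches."""
    scope = scope or config["authenticationSearchScope"]
    filt = build_filter(config["usernameSearchKey"], search_value)
    hits = [e for dn, e in DIRECTORY.items()
            if in_scope(dn, config["baseDN"], scope) and matches(filt, e)]
    if len(hits) != 1:
        return None
    return {k: delimiter.join(v) for k, v in hits[0].items()}


if __name__ == "__main__":
    print(resolve_attributes(CONFIG, "alice", delimiter=";"))
    print(resolve_attributes(CONFIG, "bob"))                   # None: singleLevel
    print(resolve_attributes(CONFIG, "bob", scope="subtree"))  # found one level down
```

Two things the model makes visible: with `"authenticationSearchScope": "singleLevel"` a user whose entry sits one OU below the Base DN is simply not found, so a lookup that works in one OU and fails in another is usually a scope or Base DN problem rather than a credential problem; and with the default `,` delimiter, a multi-valued attribute whose values themselves contain commas (group DNs in `memberOf`) flattens to an ambiguous string, so choose a delimiter that cannot appear in the values when such attributes feed headers or claims.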