Skip to content
/ agama-ldap Public

Agama Project for LDAP authentication with TLS and clustering

License

Apache-2.0 license
0 stars 2 forks Branches Tags Activity
Star

GluuFederation/agama-ldap

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
code
code
 
 
lib
lib
 
 
web
web
 
 
Agama-LDAP-PW-sequence.png
Agama-LDAP-PW-sequence.png
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
config.json
config.json
 
 
logo.png
logo.png
 
 
project.json
project.json
 
 

Repository files navigation

Contributors Forks Stargazers Issues Apache License

Gluu agama-ldap

Welcome to the https://github.com/GluuFederation/agama-ldap project. This project is governed by Gluu and published under an Apache 2.0 license. It provides various flows to password authenticate a person.

Password authentication is still useful ! ! !

This is also a great project to fork if you want to write a “Hello World” Agama project.

Implementations

  • Jans Auth Server
  • Gluu Flex

Flow: One-step password authn

This is the classic combined username / password form authentication workflow. The sequence diagram below shows the good flow.

agama-ldap sequence diagram image Source

Flow Configuration

Below is a typical agama-ldap flow

{
  "org.gluu.agama.ldap.pw.main": {
      "lockConfig": {
          "MAX_LOGIN_ATTEMPT": 6,
          "ENABLE_LOCK": true,
          "LOCK_EXP_TIME": 180
      },
      "useInternalLdapConfig": false,
      "serversConfig": [
          {
              "configId": "ad_1",
              "bindDN": "cn=directory manager",
              "bindPassword": "encoded_password/plain_passowrd",
              "servers": ["localhost:1389"],
              "maxConnections": 3,
              "useSSL": false,
              "baseDNs": ["ou=people,o=jans"],
              "loginAttributes": ["uid"],
              "localLoginAttributes": ["uid"]
           },
           {
              "configId": "ad_2",
              "servers": ["localhost:2389"],
              "bindDN": "cn=directory manager",
              "bindPassword": "encoded_password/plain_passowrd",
              "useSSL": false,
              "maxConnections": 3,
              "baseDNs": ["ou=people,o=jans"],
              "loginAttributes": ["mail"],
              "localLoginAttributes": ["mail"]
           }
       ]
  }
}
  • MAX_LOGIN_ATTEMPT: Is the maximum failed login attempt before the user account is locked
  • ENABLE_LOCK: true/false, this is use to enable the Account Lock feature
  • LOCK_EXP_TIME: The time in seconds befor a locked account is unlock.
  • useInternalLdapConfig: Specify which LDAP configuration to use. true means that agama-ldap should use Jans Auth LDAP server configurations. false allow to specify LDAP configurations in serverConfig section.
  • serversConfig: One or more LDAP server configurations

TUI sample settings:

These are sample setting for useInternalLdapConfig = true:

tui_ldap_1 tui_ldap_2

Note: The user must exist in both your local database and the remote LDAP server. If the user exists only in the remote LDAP, you can use the Jans Link service to synchronize their data to the local database.

License

This project is licensed under the Apache 2.0

About

Agama Project for LDAP authentication with TLS and clustering

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

0 stars

Watchers

17 watching

Forks

2 forks
Report repository

Releases 2

v1.0.2 Latest
Aug 28, 2025
+ 1 release

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages