starred/cloudbeaver
1
0
Fork 0
mirror of https://github.com/dbeaver/cloudbeaver.git synced 2026-03-04 08:52:27 -05:00
Code Issues 420 Projects Packages Wiki Activity
Page: LDAP Authentication
Pages
API and integration AWS Cloud explorer AWS IAM AWS OpenID Authentication AWS OpenID database access via Okta AWS Overview AWS SAML database access via Okta AWS Settings Access to an existing database connection with a link Accessibility Guide Adding new database drivers Admin Password Recovery Administration Users Provisioning Administration Anonymous Access Configuration Authentication Database Native Authentication Microsoft Entra ID Authentication MongoDB Authentication Oracle Wallet Authentication PostgreSQL Pgpass Authentication Salesforce Authentication methods Auto and Manual commit modes Azure Permissions Basic operations Build and deploy Client Side Scripting Cloud Explorer Cloud Storage CloudBeaver AWS deployment on the AWS Marketplace CloudBeaver Community deployment from docker image CloudBeaver Community deployment in Google Cloud CloudBeaver Community deployment in Microsoft Azure CloudBeaver Community deployment on the AWS Marketplace CloudBeaver Deployment CloudBeaver Enterprise Update CloudBeaver Enterprise deployment from docker compose CloudBeaver Enterprise deployment from docker image CloudBeaver Enterprise deployment in AWS CloudBeaver Enterprise deployment in Google Cloud CloudBeaver Enterprise deployment in Microsoft Azure CloudBeaver Enterprise CloudBeaver SSL certificate configuration CloudBeaver Styling components CloudBeaver Workspace Backup CloudBeaver and Nginx CloudBeaver customer technical support information CloudBeaver localization CloudBeaver overview CloudBeaver release cycles Code of Conduct Cognito OpenID Authentication Command line parameters Configuring HTTPS for Jetty server Configuring server datasources Connect Tableau to a database using DBeaver Proxy Driver Connection Management Connection Templates Management Connection configuration Contribute your code Create Connection Custom Plugin DB Navigator Settings menu DB Navigator folders DB Navigator toolbar DBeaver Proxy driver Data Filters Data Ordering Data editor Data export Data import Database Navigator Database Object Editor Database driver CSV Database driver Files MultiSource Database driver JSON Database driver Parquet Database driver XLSX Database driver XML Demo Server Develop in Eclipse Develop in IDEA Develop in VS Code Differences between license types Domain Manager Driver management Drivers Management Entity Diagrams FAQ File based driver properties Frontend development guidelines Frontend technical overview Generate API access token Getting started Global Permissions Google authentication GraphQL API overview Grouping Panel Home How to Import License How to Migrate your CloudBeaver Enterprise Workspace How to Reassign License How to Update License How to access query history database How to change Java security properties How to connect DBeaver or CloudBeaver to PostgreSQL on a separate VM in Azure Initial data configuration JSON and Document View JWT authentication Kerberos Authentication LDAP Authentication Local Access Authentication Local Preferences Log Viewer Log customization Managing Charts Managing Preferences Managing cloud deployed services Microsoft Entra ID authentication Multi server license Multiple Server URLs NTLM User Authentication Okta OpenID Authentication OpenID Package localization Password policy Plugin system Pre configured permissions for connections Product configuration parameters Product settings authentication Product settings connections Product settings data export Product settings data spreadsheet Product settings erd Product settings navigation tree Properties Editor Proxy Configuration Query Execution Plan Query History Query Manager Query manager database configuration Resource Loading Resource Manager Result Details Panel Reverse proxy header authentication Run GraphQL requests from CLI SAML SQL Assist and Auto Complete SQL Editor SQL Formatting SSH Configuration SSL Configuration Search and Replace Secret Providers Security in CloudBeaver Server API explorer Server Architecture Server Database Server Output Server configuration administration Server configuration Session Manager Settings Shortcuts Simple and Advanced View Single Sign On Snowflake OpenID database access via Okta Supported databases Teams User credentials storage Users Value Panel Visual Query Builder WebSockets Working with spatial GIS data Workspace Location Workspace on AWS and S3 Storage
16 LDAP Authentication
dbeaver-devops edited this page 2026-01-06 09:16:43 +00:00
Table of Contents

Table of contents

LDAP (Lightweight Directory Access Protocol) is a protocol designed to manage and access distributed directory information services over an Internet Protocol network. LDAP is used to store and retrieve data in a hierarchical directory structure, such as usernames and passwords, organizational units, and configuration settings. It facilitates directory management and authentication processes, allowing for a centralized approach to maintaining user credentials and policy settings.

For comprehensive guidance on configuring and managing LDAP, refer to the official LDAP documentation.

Configuration steps

Step 1: Enabling LDAP Authentication

  1. As an administrator, go to Settings -> Server Configuration.

  2. Find and activate the LDAP option in the Configuration section.

  3. Save the changes.

Step 2: Adding an Identity Provider

  1. As an administrator, navigate to Settings -> Identity Providers.

  2. Click on the + Add button.

  3. Fill in the following fields:

    Field Description Parameters used to configure LDAP in the CloudBeaver Community
    Provider Select LDAP from the dropdown menu.
    ID Enter a unique identifier for the configuration.
    Configuration name Enter a descriptive name for this configuration.
    Description (Optional) Provide a brief description of this identity provider configuration.
    Icon URL (Optional) Enter the URL of an icon to represent this provider.
    Disabled (Optional) Leave unchecked to enable this identity provider.
    Host Enter the server hostname or IP address where LDAP authentication is handled. ldap-host: ""
    Port Specify the port number used for LDAP communication. Default port is 389 for standard mode, 636 for SSL. If your server uses a Global Catalog, we generally recommend using 3268 (standard) or 3269 (SSL), if those ports are available in your environment. ldap-port: ""
    User identifier attribute Enter the attribute used to uniquely identify LDAP users in their Distinguished Name (DN). Default value in PRO versions is cn. ldap-identifier-attr: ""
    Base Distinguished Name (Optional) Enter the Base Distinguished Name (DN) for LDAP queries. It should be in the format appropriate for your LDAP directory, such as dc=example,dc=com. If not explicitly specified, this value will be automatically appended to the end of the User DN during authorization. ldap-dn: ""
    Bind User DN (Optional) Enter the Distinguished Name (DN) of the user who has permissions to search for entries (e.g., users) in the directory. This user will be used to verify access to the application with the specified filter. The bind user is required if you want to log in with something other than the full DN. ldap-bind-user: ""
    Bind User Password (Optional) Enter the password associated with the Bind User DN account. Bind User DN and Bind User Password are both mandatory if you want to log in with something other than the full DN. ldap-bind-user-pwd: ""
    User Filter (Optional) Specify the criteria for searching user entries. The filter must always be written in parentheses. Logical operators are supported. Bind User DN and Bind User Password must be configured for this field to work. ldap-filter: "()"
    User login parameter (Optional) Enter the LDAP attribute to be used as the user login. The attribute must be unique. This parameter enables users to log in with the specified LDAP attribute (such as sAMAccountName). Bind User DN and Bind User Password must be configured for this field to work. ldap-login: ""
    Enable SSL (Optional) Set to true to enable SSL encryption for LDAP communication. ldap-enable-ssl: true
    Certificate (PEM format) (Optional) Provide the SSL certificate in base64 format to trust the LDAP server. ldap-ssl-cert: ""
    Referral handling (Optional) Define how LDAP referrals to other servers are handled, for example when part of your directory (e.g., dc=us) is stored on another domain controller. Use follow to follow referrals to other domains, or ignore to skip them. Default is ignore. "ldap-referral": "ignore"
    First name field (Optional) Enter the name of the LDAP attribute used for the user's first name (e.g., fn). This attribute will be automatically detected during user provisioning.
    Last name field (Optional) Enter the name of the LDAP attribute used for the user's last name (e.g., ln). This attribute will be automatically detected during user provisioning.

  4. Click on the Create button.

    Tip: You can specify organizational units within the Base Distinguished Name to streamline access, such as ou=unit1,dc=example,dc=com. These can be set during the Identity Provider setup or during login in CloudBeaver. For automatic mapping of Teams to LDAP groups, fill in the LDAP Group name field. Use the cn attribute containing one of the following: memberOf, member, uniqueMember, or gidNumber. For example, if you specify cn=groupName in LDAP Group name, only users whose member attribute is listed in cn=groupName will be mapped.

Step 3: Logging in

  1. With the LDAP configuration now established, proceed to the login screen.

  2. Select the LDAP authentication method.

  3. In the User login field, enter the Distinguished Name (DN) of the user who is logging in. This specifies the exact entry within the LDAP directory associated with your user account.

    Tip: If the User login parameter was configured during the setup, you can alternatively enter the value of the specified login attribute instead of the full User DN.

  4. Enter your User password in the corresponding field to authenticate.

    Note

    : If the Base Distinguished Name was specified during the setup of your LDAP configuration, it will be automatically appended to the User DN if not explicitly included. This can simplify the login process, especially when managing multiple users.

  5. After entering the required information, click Login to access the application.

Configuration steps for CloudBeaver Community Edition

In CloudBeaver Community Edition, configuration settings are not accessible through the user interface (UI). Instead, settings must be configured directly within the workspace configuration file.

Steps to configure LDAP in Community Edition:

  1. As an administrator, go to Settings -> Server Configuration and activate the LDAP option in the Configuration section.

  2. Locate either the .cloudbeaver.runtime.conf file to configure LDAP for the current workspace or the .cloudbeaver.conf file to set the LDAP provider for all newly created workspaces. More details can be found in the server configuration guide.

  3. Open the file with a text editor to modify or add LDAP configurations.

  4. Insert the following configuration snippet into your configuration file under the app.authConfigurations section. Adjust the parameters according to your LDAP server details.

    "authConfigurations": [
      {
        "id": "ldap",
        "provider": "ldap",
        "displayName": "LDAP",
        "disabled": false,
        "iconURL": "",
        "description": "",
        "parameters": {
          "ldap-host": "ldap.example.com",
          "ldap-port": "1389",
          "ldap-login": "AttributeName"
          "ldap-dn": "ou=users,dc=company,dc=com",
          "ldap-enable-ssl": true,
          "ldap-ssl-cert": "your_cert_in_base64_format",
          "ldap-referral": "ignore",
          "ldap-identifier-attr": "cn",
          "ldap-bind-user": "cn=serviceAccount1,ou=serviceAccounts,dc=company,dc=com",
          "ldap-bind-user-pwd": "serviceAccount1password",
          "ldap-filter": "(givenName=*)"
        }
      }
    ]

    Important: Ensure that the provider is set to ldap.

  5. After editing the configuration file, restart CloudBeaver for the changes to take effect.

  6. Log in.

CloudBeaver Documentation

CloudBeaver - Web Database Manager