Ends in:
2 DAYS
21 HRS
1 MIN
59 SEC
Ends in:
2 D
21 H
1 M
59 S

LDAP External Login Provider

Introduction

You must have an ABP Team or a higher license to use this module & its features.

The Identity PRO module has built-in LdapExternalLoginProvider and OpenLdapManager services. It implements LDAP authentication and gets user info for external login.

The cross-platform LdapForNet library is used for Windows LDAP authentication. See LdapForNet GitHub repository for more information.

You must have an ABP Team or a higher license to use this module & its features.

How to enable LDAP external login?

You need to enable the LDAP login feature and configure related settings.

enable-ldap-feature

configure-ldap-setting

Then you can enter the LDAP username and password on the login page for external login.

ldap-login

Customize built-in services

The default OpenLdapManager service uses $"cn={userName},{BaseDc}" to normalize user name, and use $"(&(uid={userName}))" to search for users, use mail as attribute name to get email.

The value of BaseDc is the setting of the "Base domain component".

If your username has a prefix or a specific format, you can override the NormalizeUserNameAsync method of OpenLdapManager to handle it. You can also customize the GetUserFilterAsync and GetUserEmailAsync methods.

[Dependency(ReplaceServices = true)]
[ExposeServices(typeof(OpenLdapManager), typeof(ILdapManager), typeof(LdapManager))]
public class VoloOpenLdapManager : OpenLdapManager
{
    public VoloOpenLdapManager(ILdapSettingProvider ldapSettingProvider)
        : base(ldapSettingProvider)
    {

    }

    protected override async Task<string> NormalizeUserNameAsync(string userName)
    {
        // or "userName@domain 
        // await LdapSettingProvider.GetDomainAsync()
        return Task.FromResult($"Volo\\{userName}");
    }

    protected override Task<string> GetUserFilterAsync(string userName)
    {
        // Default is $"cn={userName},{LdapOptions.BaseDc}"
        return return Task.FromResult($"(&(objectClass=user)(sAMAccountName={userName}))");
    }

    protected override Task<string> GetUserEmailAsync(LdapEntry ldapEntry)
    {
        return Task.FromResult(ldapEntry.ToDirectoryEntry().GetAttribute("mail")?.GetValue<string>());
    }
}

Besides, $"uid={userName}, {BaseDc}" is used in the built-in LdapExternalLoginProvider service to normalize the username; you have to change it together.

public class VoloLdapExternalLoginProvider : LdapExternalLoginProvider
{
    public VoloLdapExternalLoginProvider(
        IGuidGenerator guidGenerator,
        ICurrentTenant currentTenant,
        IdentityUserManager userManager,
        IIdentityUserRepository identityUserRepository,
        OpenLdapManager ldapManager,
        ILdapSettingProvider ldapSettingProvider,
        IFeatureChecker featureChecker,
        ISettingProvider settingProvider,
        IOptions<IdentityOptions> identityOptions)
        : base(guidGenerator,
            currentTenant,
            userManager,
            identityUserRepository,
            ldapManager,
            ldapSettingProvider,
            featureChecker,
            settingProvider,
            identityOptions)
    {

    }

    protected override async Task<string> NormalizeUserNameAsync(string userName)
    {
        // Default is $"uid={userName}, {BaseDc}"
        // or "userName@domain 
        // await LdapSettingProvider.GetDomainAsync()
        return Task.FromResult($"Volo\\{userName}");
    }
}

Replace the default implementation with VoloLdapExternalLoginProvider.

public override void ConfigureServices(ServiceConfigurationContext context)
{
    //...
    Configure<AbpIdentityOptions>(options =>
    {
        options.ExternalLoginProviders.Remove(LdapExternalLoginProvider.Name);
        options.ExternalLoginProviders.Add<VoloLdapExternalLoginProvider>(LdapExternalLoginProvider.Name);
    });
    //...
}

LDAP test application

Testing the LDAP configuration using your ABP application might be time-consuming. The following simple Dotnet Console App is for testing your LDAP configuration. Before configuring your LDAP settings, you can test the information via this app to see if it works.

ABP Ldap Test Application

Contributors


Last updated: July 31, 2024 Edit this page on GitHub

Was this page helpful?

Please make a selection.

To help us improve, please share your reason for the negative feedback in the field below.

Please enter a note.

Thank you for your valuable feedback!

Please note that although we cannot respond to feedback, our team will use your comments to improve the experience.

In this document
Community Talks

What’s New with .NET 9 & ABP 9?

21 Nov, 17:00
Online
Watch the Event
Mastering ABP Framework Book
Mastering ABP Framework

This book will help you gain a complete understanding of the framework and modern web application development techniques.

Learn More