Hi ABP Team,
We have a requirement to integrate multiple LDAP endpoints for a single tenant in our ABP-based application. Use Case: Our tenant has LDAP servers in different regions/domains (e.g., ldap://eu.company.com and ldap://us.company.com), and we need users to authenticate against any of these endpoints.
Current Challenge: Based on our investigation, the default LDAP module appears to support only a single LDAP configuration per tenant. When we configure LDAP settings, it only connects to one endpoint.
Questions:
- Is there built-in support for configuring multiple LDAP endpoints per tenant in ABP?
- If not, what would be the recommended approach to implement this?
- Should we extend LdapManager to iterate through multiple configurations?
- Is there an example or best practice you can share?
- Are there any plans to add multi-endpoint LDAP support in future versions?
Any guidance or documentation would be greatly appreciated!
Thanks,
2 Answer(s)
-
0
ABP’s LDAP integration (the Account module LDAP external login provider) is designed around one LDAP configuration per tenant (a single “current” LDAP settings set). There is no built-in multi-endpoint / failover / multi-domain LDAP configuration for a single tenant.
Recommended approach (customization) is to replace/extend the LDAP authentication flow to try multiple endpoints in order:
- Model the endpoints as a tenant-level setting (or an entity) that stores a list (e.g., JSON array) of LDAP server definitions (Host, Port, UseSsl, BaseDn, Domain, etc.).
- Replace the service responsible for LDAP authentication/bind so it:
  - Loads the tenant’s endpoint list,
  - Iterates endpoints (EU first, then US, etc.),
  - For each endpoint, attempts bind/authentication,
  - Returns success on the first successful endpoint, otherwise fails after exhausting the list.
- Keep the existing “Enable LDAP Login” feature flag behavior intact, and only change the part that creates the LDAP connection / performs bind.
In ABP, this kind of change is typically done by replacing the related service via DI (using [Dependency(ReplaceServices = true)] + [ExposeServices(...)]) rather than modifying framework/module code.
About “extend LdapManager”: conceptually yes (iterate through multiple configurations), but the robust way in ABP is to replace the concrete LDAP authentication/bind service that the Account LDAP provider uses, so the rest of the Account module remains unchanged.
Plans/future versions: I couldn’t verify any official roadmap or issue stating that multi-endpoint-per-tenant LDAP is planned. No verified source available for that part.
Links I can verify as accessible right now:
- https://abp.io/docs/latest/framework/architecture/modularity/basics
- https://abp.io/docs/latest/framework/architecture/multi-tenancy
This response was generated by AI. If it didn’t solve your problem, feel free to post a new answer — our support team will jump in to help you soon.
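The endpoint iteration described in the answer above, as an added C# sketch that is not part of the original thread and is not ABP's own code. The types LdapEndpoint, BindOutcome, LdapAuthResult and MultiEndpointLdapAuthenticator are hypothetical, and the bind delegate stands in for whatever the replaced LDAP service uses to bind against one server.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;

// Hypothetical types for this sketch; none of them are ABP APIs.
public record LdapEndpoint(string Name, string Host, int Port, bool UseSsl);
public enum BindOutcome { Success, InvalidCredentials, Unreachable }
public record LdapAuthResult(bool Succeeded, string? Endpoint, IReadOnlyList<string> Skipped);

public class MultiEndpointLdapAuthenticator
{
    private readonly IReadOnlyList<LdapEndpoint> _endpoints;
    // Assumption: performs the real bind against one server (supplied by the replaced service).
    private readonly Func<LdapEndpoint, string, string, Task<BindOutcome>> _bind;

    public MultiEndpointLdapAuthenticator(
        IReadOnlyList<LdapEndpoint> endpoints,
        Func<LdapEndpoint, string, string, Task<BindOutcome>> bind)
    {
        _endpoints = endpoints;
        _bind = bind;
    }

    public async Task<LdapAuthResult> AuthenticateAsync(string userName, string password)
    {
        var skipped = new List<string>();
        // An empty password turns a simple bind into an unauthenticated bind
        // (RFC 4513), which some servers accept; never forward it.
        if (string.IsNullOrWhiteSpace(userName) || string.IsNullOrEmpty(password))
            return new LdapAuthResult(false, null, skipped);

        foreach (var endpoint in _endpoints)
        {
            // Skip plaintext endpoints so the password is never sent unencrypted.
            if (!endpoint.UseSsl) { skipped.Add(endpoint.Name + " (no TLS)"); continue; }

            BindOutcome outcome;
            try { outcome = await _bind(endpoint, userName, password); }
            catch (Exception) { outcome = BindOutcome.Unreachable; }

            if (outcome == BindOutcome.Success)
                return new LdapAuthResult(true, endpoint.Name, skipped);
            if (outcome == BindOutcome.Unreachable)
                skipped.Add(endpoint.Name);
            // InvalidCredentials: the user may live in another domain, keep going.
        }
        return new LdapAuthResult(false, null, skipped);
    }
}
```

Because a wrong password is presented to every endpoint in the list, failed-bind counters on directories that share the account are consumed faster than with a single endpoint. Logging the returned Endpoint and Skipped values shows which directory authenticated the user and which ones were down or rejected for lacking TLS.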
-
0
hi
You can override the default OpenLdapManager/LdapManager to get multiple configurations for a single tenant.
Thanks.