Remote directories
EDA supports the use of external directories that the system can use to authenticate users who were not created locally on the system.
Note: Currently, EDA supports the configuration of remote directories using the EDA API; the UI does not support the configuration of remote directories.
EDA supports:
- the configuration of up to five directories
- multiple directory types - Keycloak supports Lightweight Directory Access Protocol (LDAP) and Active Directory
- the ability to indicate whether group assignment can be derived from the directory, and to provide any directory-relevant configuration to assist with this mapping
- the ability to specify whether the directory is synchronized or queried every time, with additional configuration of the synchronization interval
- read-only access only; there is no support for write-back to directories (for password changes, for example)
When a remote directory is configured, system administrators can continue to create local users in EDA, but these newly created users are not pushed to the remote server. Directories are ordered, and this order can be changed; for example, you can specify that the system performs local authentication first and then queries a directory if local authentication does not match.
EDA supports the configuration of the following attributes for a remote server:
- Type (LDAP)
- TLS (LDAPS)
- Bind credential
- Bind DN
- Timeout
- URL
- User search filter
- User object classes
- Username attribute
- User DN
- ID/UUID attribute
- Vendor
- Enabled
- Import
- Pagination
- Scope
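The following pre-flight check for a directory definition is an added example, not EDA's own code or API schema. The dictionary keys are hypothetical names modelled on the attribute list above, and the rules (TLS for the bind, non-empty bind and search settings, a positive integer timeout, a well-formed user search filter) are assumptions about what a reviewer would want verified before the definition is sent to the API.

```python
from urllib.parse import urlsplit

def single_filter(f):
    """True if f is one parenthesised LDAP filter (RFC 4515 shape check only)."""
    if not (f.startswith("(") and f.endswith(")")):
        return False
    depth = 0
    for i, ch in enumerate(f):
        # Literal parentheses in values are escaped as \28 and \29, so every
        # raw "(" or ")" is structural and plain counting is enough.
        depth += (ch == "(") - (ch == ")")
        if depth < 0 or (depth == 0 and i != len(f) - 1):
            return False
    return depth == 0

def lint_directory(cfg):
    """Return findings for one directory definition (hypothetical key names)."""
    findings = []
    url = urlsplit(cfg.get("url", ""))
    if url.scheme not in ("ldap", "ldaps") or not url.hostname:
        findings.append("url: expected ldap://host or ldaps://host")
    elif url.scheme == "ldap" and not cfg.get("tls"):
        findings.append("url: plain ldap:// without TLS exposes the bind credential")
    for key in ("bind_dn", "bind_credential", "user_dn", "username_attribute"):
        if not str(cfg.get(key, "")).strip():
            findings.append(f"{key}: missing or empty")
    timeout = cfg.get("timeout")
    if not isinstance(timeout, int) or timeout <= 0:
        findings.append("timeout: must be a positive integer")
    flt = cfg.get("user_search_filter", "")
    if flt and not single_filter(flt):
        findings.append("user_search_filter: not a single balanced (...) filter")
    return findings

# Constructed sample definitions, not taken from a real deployment.
WEAK = {
    "type": "ldap", "tls": False, "url": "ldap://ldap.example.com:389",
    "bind_dn": "cn=svc-eda,ou=svc,dc=example,dc=com", "bind_credential": "",
    "timeout": 0, "user_dn": "ou=people,dc=example,dc=com",
    "username_attribute": "uid", "user_search_filter": "(objectClass=person",
}
FIXED = dict(WEAK, tls=True, url="ldaps://ldap.example.com:636",
             bind_credential="constructed-secret", timeout=10,
             user_search_filter="(&(objectClass=person)(!(uid=svc-*)))")

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("fixed", FIXED)):
        print(name, lint_directory(cfg) or "no findings")
```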