LDAP

The Lightweight Directory Access Protocol (LDAP) is a software protocol that enables anyone to locate data about organizations, individuals, and other resources within a network, either on the public internet or company intranet. LDAP is commonly used to store usernames and passwords for authentication services. DolphinDB offers an LDAP plugin designed to search for entry information within an LDAP server, enabling third-party LDAP authentication logins in DolphinDB.

Installation (with installPlugin)

Required server version: DolphinDB 2.00.10 or higher

Supported OS: Linux x86-64.

Installation Steps:

(1) Use listRemotePlugins to check plugin information in the plugin repository.

Note: For plugins not included in the provided list, you can install through precompiled binaries or compile from source. These files can be accessed from our GitHub repository by switching to the appropriate version branch.

login("admin", "123456")
listRemotePlugins(, "http://plugins.dolphindb.com/plugins/")

(2) Invoke installPlugin for plugin installation.

installPlugin("LDAP")

(3) Use loadPlugin to load the plugin before using the plugin methods.

loadPlugin("LDAP")

Method References

Configuration Instructions

1. Upload the plugin and configure it to load on startup

Upload the attached plugin archive to the server and extract it to <DolphinDB_installation_directory>/plugins.

In the Web Interface, set the preloadModules value to plugins::LDAP in both the Controller Config and Nodes Config. If preloadModules is already configured, append plugins::LDAP to the existing values, separated by a comma.

2. Restart the cluster and define the login function view

Input parameters:

  • username: STRING type.
  • password: STRING type.

Return Value:

ANY VECTOR type. The first element is the DolphinDB account username and the second element is the DolphinDB account password.

The view must call the search method to connect to the LDAP server and obtain the DolphinDB account username and password used by the login logic.

// Load the LDAP plugin
try { loadPlugin("plugins/LDAP/PluginLDAP.txt") } catch(err) { print(err) }
go

// Define a function with the same first two parameters as the login function
def ldap_login(username, password) {

    // Exclude the super admin account
    if (username == "admin") {
        return [username, password]$ANY
    }

    // Build the entry DN from the username input (see Note 3)
    dn = "cn=" + username + ",dc=sample,dc=com"

    // Bind as that entry with the supplied password and search for it under the search base
    ret = LDAP::search("ldap://192.168.100.43", dn, password, "dc=sample,dc=com", "(cn=" + username + ")")

    // Note: The return value must be a vector of type ANY.
    // In this sample directory the entry's facsimileTelephoneNumber attribute is set to "admin"
    // and its telephoneNumber attribute to "123456"; they hold the DolphinDB username and password.
    return [ret[dn]["facsimileTelephoneNumber"], ret[dn]["telephoneNumber"]]$ANY
}

// Add the function view
addFunctionView(ldap_login)

Note:

  1. This view must be configured to be visible only to the admin account.
  2. This view should include logic to exclude users who do not require LDAP authentication (e.g., super admin). For these users, the view can directly return the input username and password, or return an empty vector.
  3. The dn parameter of the search method should be constructed based on the username input.
  4. The password parameter of the search method should be based on the password input.
  5. The filter parameter of the search method should use the username input to filter and search for the specific user under the searchBase.
  6. The actual password used is the one stored in LDAP. Any fixed value from the LDAP attributes can be used as the DolphinDB password.
  7. To create a non-existent user, first log in as the super admin (refer to Note 2), create a new user, and then log in.
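
The function view above places the username input directly into the DN and the search filter. As an added example (not part of the original page or the plugin's own code), the variant below rejects usernames outside an allow-list and empty passwords before calling LDAP::search. The names isPlainLdapName and ldap_login_checked, the allow-list pattern, and the assumption that an exception thrown from the view fails the login are this example's own.

```dolphindb
// Added example: input checks to run before LDAP::search builds its DN and filter.
// Allow-list policy chosen for this example: letters, digits, dot, underscore and
// hyphen, 1 to 64 characters. Anything else, including the filter and DN
// metacharacters * ( ) \ , + = and whitespace, is rejected rather than escaped.
def isPlainLdapName(name) {
    // regexFind returns the start position of the first match, or -1 when there is none
    return regexFind(name, "^[A-Za-z0-9._-]{1,64}$") == 0
}

def ldap_login_checked(username, password) {
    // The super admin keeps native authentication, as in ldap_login
    if (username == "admin") {
        return [username, password]$ANY
    }

    // Reject names that would change the shape of "(cn=<name>)" or "cn=<name>,dc=..."
    if (!isPlainLdapName(username)) {
        throw "ldap_login: username contains characters that are not allowed"
    }

    // An empty password turns a simple bind into an unauthenticated bind
    // (RFC 4513, section 5.1.2), which some directory servers accept; never forward it
    if (strlen(password) == 0) {
        throw "ldap_login: empty password"
    }

    // Same server, search base and attributes as the sample ldap_login
    dn = "cn=" + username + ",dc=sample,dc=com"
    ret = LDAP::search("ldap://192.168.100.43", dn, password, "dc=sample,dc=com", "(cn=" + username + ")")
    return [ret[dn]["facsimileTelephoneNumber"], ret[dn]["telephoneNumber"]]$ANY
}
```

To use this variant, register it with addFunctionView and set thirdPartyAuthenticator to its name in place of ldap_login.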

3. Configure LDAP authentication on controller nodes

Shut down the cluster and modify the thirdPartyAuthenticator value in the controller.cfg file on all controller nodes to the function view ldap_login. For details of thirdPartyAuthenticator, refer to Standalone Mode.

preloadModules=plugins::LDAP
thirdPartyAuthenticator=ldap_login

4. Restart the cluster and log in with LDAP account

login("ldapadm", "DolphinDB123@3");