LDAP
Configure how LDAP groups are matched to AKHQ groups.
akhq.security.ldap.groups
: LDAP groups list

- name: ldap-group-name
: LDAP group name (same name as in LDAP)

groups
: AKHQ group list to be used for the current LDAP group
Example using an online LDAP test server

Configure the LDAP connection in Micronaut:

    micronaut:
      security:
        enabled: true
        ldap:
          default:
            enabled: true
            context:
              server: 'ldap://ldap.forumsys.com:389'
              managerDn: 'cn=read-only-admin,dc=example,dc=com'
              managerPassword: 'password'
            search:
              base: "dc=example,dc=com"
            groups:
              enabled: true
              base: "dc=example,dc=com"

If you want to enable anonymous auth to your LDAP server, you can pass:

    managerDn: ''
    managerPassword: ''

If your LDAP groups do not use the default UID for group membership, you can solve this using:

    micronaut:
      security:
        enabled: true
        ldap:
          default:
            search:
              base: "OU=UserOU,dc=example,dc=com"
              attributes:
                - "cn"
            groups:
              enabled: true
              base: "OU=GroupsOU,dc=example,dc=com"
              filter: "member={0}"

Replace

    attributes:
      - "cn"

with your group membership attribute.
Configure AKHQ groups, LDAP groups and users:

    micronaut:
      security:
        enabled: true
    akhq:
      security:
        groups:
          topic-reader:
            name: topic-reader # Group name
            roles: # roles for the group
              - topic/read
            attributes:
              # List of Regexp to filter topic available for group
              # Single line String also allowed
              # topics-filter-regexp: "^(projectA_topic|projectB_.*)$"
              topics-filter-regexp:
                - "^projectA_topic$" # Individual topic
                - "^projectB_.*$" # Topic group
              connects-filter-regexp:
                - "^test.*$"
              consumer-groups-filter-regexp:
                - "consumer.*"
          topic-writer:
            name: topic-writer # Group name
            roles:
              - topic/read
              - topic/insert
              - topic/delete
              - topic/config/update
            attributes:
              topics-filter-regexp:
                - "test.*"
              connects-filter-regexp:
                - "^test.*$"
              consumer-groups-filter-regexp:
                - "consumer.*"
        ldap:
          groups:
            - name: mathematicians
              groups:
                - topic-reader
            - name: scientists
              groups:
                - topic-reader
                - topic-writer
          users:
            - username: franz
              groups:
                - topic-reader
                - topic-writer
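
To review what access the mapping above grants, the following added example (not AKHQ's own code) models it in Python: it resolves a user's AKHQ groups and roles from their LDAP group memberships and reports mapping entries that name an AKHQ group that is not defined. It assumes a user's AKHQ groups are the union of the groups mapped from their LDAP groups and the groups under their `users` entry; the users `alice`, `bob`, `carol` and the LDAP group `chemists` are constructed sample data.

```python
# Added example: models the LDAP-to-AKHQ group mapping from the YAML above.
# Assumption: a user's AKHQ groups are the union of the groups mapped from
# their LDAP groups and the groups listed under their users entry.

AKHQ_GROUPS = {  # akhq.security.groups (roles only, copied from the page)
    "topic-reader": ["topic/read"],
    "topic-writer": ["topic/read", "topic/insert", "topic/delete",
                     "topic/config/update"],
}
LDAP_GROUPS = {  # akhq.security.ldap.groups
    "mathematicians": ["topic-reader"],
    "scientists": ["topic-reader", "topic-writer"],
}
LDAP_USERS = {  # akhq.security.ldap.users
    "franz": ["topic-reader", "topic-writer"],
}


def undefined_references():
    """Return mapped AKHQ group names that are not defined in AKHQ_GROUPS."""
    mapped = [g for gs in list(LDAP_GROUPS.values()) + list(LDAP_USERS.values())
              for g in gs]
    return sorted(set(mapped) - set(AKHQ_GROUPS))


def resolve(username, ldap_groups):
    """Return (AKHQ groups, roles) for a user and their LDAP group names."""
    groups = []
    for name in ldap_groups:
        # LDAP groups without a mapping entry grant nothing in this model.
        groups += LDAP_GROUPS.get(name, [])
    groups += LDAP_USERS.get(username, [])
    groups = sorted(set(groups))
    roles = sorted({r for g in groups for r in AKHQ_GROUPS.get(g, [])})
    return groups, roles


if __name__ == "__main__":
    # Constructed memberships, not read from a real directory.
    for user, member_of in [("alice", ["mathematicians"]),
                            ("bob", ["scientists", "chemists"]),
                            ("franz", []),
                            ("carol", ["chemists"])]:
        print(user, resolve(user, member_of))
    print("undefined AKHQ groups:", undefined_references())
```
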