@steffenba
Last active February 13, 2025 10:19
CloudBeaver Active Directory Configuration

Using Active Directory to authenticate to Cloudbeaver (CE)

This applies to Version (Dockerized) 24.3.2

Cloudbeaver does not document very well how to configure it to authenticate against an Active Directory.

To do that, you have to edit the workspace/.data/.cloudbeaver.runtime.conf

The basic config looks like this:


    "authConfigurations": [
      {
        "id": "ldap",
        "provider": "ldap",
        "displayName": "LDAP",
        "disabled": false,
        "iconURL": "",
        "description": "",
        "parameters": {
          "ldap-host": "<your-ldap-server>",
          "ldap-port": "<ldap-port>",
          "ldap-dn": "OU=Users,OU=Site,DC=DC,DC=example,DC=com",
          "ldap-bind-user": "CN=binduser,OU=Users,OU=Site,DC=DC,DC=example,DC=com",
          "ldap-bind-user-pwd": "bindPw",
          "ldap-filter": "",
          "ldap-login": "sAMAccountName",
          "ldap-identifier-attr": "CN"
        }
      }
    ]

The "authConfigurations" block sits at the same level as "app", "server", etc.

Important

As of the writing of this gist, the DNs and attribute names are case sensitive. That is why the ldap-identifier-attr is specifically defined as uppercase CN.

Often these are capital letters in AD. To verify exactly what you need to put here, please refer to ldapsearch.

Ldapsearch example

For MS AD:

    ldapsearch -x -W -H "ldap://<ldapserver>:<ldap-port>" -b "<basedn you wish to search your object in>" -D "<bind dn/authorized user>" "(sAMAccountName=<User you wish to display>)"
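An added example, not part of the original gist or of CloudBeaver: one way to apply the ldapsearch check above by comparing the configuration case-exactly against what the directory returns. It assumes the runtime conf is strict JSON and that `ldap-identifier-attr` should match the attribute type that starts the user's DN; `CONF`, `LDIF`, `parse_ldif_entry` and `check` are hypothetical names, and the sample data is constructed.

```python
import base64
import json

# Constructed sample of workspace/.data/.cloudbeaver.runtime.conf (assumed strict JSON).
CONF = r'''{"app": {}, "authConfigurations": [{"id": "ldap", "provider": "ldap",
 "parameters": {"ldap-dn": "ou\u003dUsers,OU\u003dSite,DC\u003dDC,DC\u003dexample,DC\u003dcom",
                "ldap-login": "sAMAccountName", "ldap-identifier-attr": "cn"}}]}'''

LDIF = """# constructed ldapsearch output; the dn is folded across two lines
dn: CN=Jane Doe,OU=Users,OU=Site,DC=DC,
 DC=example,DC=com
cn: Jane Doe
sAMAccountName: jdoe
"""

def parse_ldif_entry(ldif):
    """Return (dn, attribute names) of the first entry in ldapsearch output."""
    text = ldif.replace("\r\n", "\n").replace("\n ", "")  # undo LDIF line folding
    dn, attrs = None, set()
    for line in text.split("\n"):
        if not line.strip() and dn:
            break  # a blank line ends the first entry
        name, sep, value = line.partition(":")
        if line.startswith("#") or not sep:
            continue
        if name.lower() != "dn":
            attrs.add(name)  # keep the exact case the server returned
        else:  # "dn:: <base64>" is how LDIF carries non-ASCII DNs
            dn = base64.b64decode(value[1:]).decode() if value.startswith(":") else value.strip()
    return dn, attrs

def check(conf_text, ldif):
    """Compare the LDAP parameters case-exactly with what the directory returned."""
    conf = json.loads(conf_text)  # also decodes \u003d to "="
    params = next(c["parameters"] for c in conf["authConfigurations"] if c["provider"] == "ldap")
    user_dn, attrs = parse_ldif_entry(ldif)
    findings, base = [], params["ldap-dn"]
    if not user_dn.endswith("," + base):
        case_only = user_dn.lower().endswith("," + base.lower())
        findings.append("ldap-dn: " + ("case differs" if case_only else "user not under base"))
    leading = user_dn.split("=", 1)[0]  # attribute type of the user's first RDN
    if params["ldap-identifier-attr"] != leading:
        findings.append(f"ldap-identifier-attr: expected {leading!r}")
    if params["ldap-login"] not in attrs:
        findings.append(f"ldap-login: {params['ldap-login']!r} not returned")
    return findings

if __name__ == "__main__":
    print(check(CONF, LDIF))
```

The `\u003d` sequences that appear when the file is written back are the JSON escape for `=`, so the decoded values can be compared directly with the ldapsearch output.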

@sperling-ventum

Hi,
To find out how this really works, have a look at https://github.com/dbeaver/cloudbeaver/blob/devel/server/bundles/io.cloudbeaver.service.ldap.auth/src/io/cloudbeaver/service/ldap/auth/LdapAuthProvider.java

Here is a working example from our environment:

    "authConfigurations": [
      {
        "id": "ldap",
        "provider": "ldap",
        "displayName": "LDAP",
        "disabled": false,
        "iconURL": "",
        "description": "Ventum User",
        "parameters": {
          "ldap-host": "xxx.ventum.at",
          "ldap-port": "389",
          "ldap-login": "sAMAccountName",
          "ldap-dn": "CN\u003dUsers,DC\u003dventum,DC\u003dat",
          "ldap-identifier-attr": "CN",
          "ldap-filter": "(sAMAccountName\u003d*)",
          "ldap-bind-user": "CN\u003dxxx,CN\u003dUsers,DC\u003dventum,DC\u003dat",
          "ldap-bind-user-pwd": "xxxxxxxxxxxxxxxxxxxxxx"
        }
      }
    ]

The important part to be able to log in with your AD user is: "ldap-login": "sAMAccountName",

Cheers
Steffen
