Hi experts,
Apigee provides an LDAP policy, which can be used to determine if a user is a valid LDAP user (authentication). Is there a way to use this LDAP policy to find out if a user belongs to a specific LDAP role (authorization)? If not, any ideas how to implement such validation? Thank you in advance!
Yes, you can add the attributes in the LDAP policy; that attribute will be available in the flow. Add this to the search tags.
<Ldap name="LdapPolicy">
    <!-- using a custom LDAP provider -->
    <LdapConnectorClass>com.custom.ldap.MyProvider</LdapConnectorClass>
    <LdapResource>MyLdap</LdapResource>
    <Search>
        <BaseDN></BaseDN><!-- default is dc=apigee,dc=com -->
        <SearchQuery>mail={request.header.mail}</SearchQuery>
        <Attributes>
            <Attribute>address</Attribute>
            <Attribute>phone</Attribute>
            <Attribute>title</Attribute>
        </Attributes>
        <Scope></Scope><!-- default is 'subtree' -->
    </Search>
</Ldap>
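One way to turn the returned attributes into an authorization decision, as an added example that is not part of the original answer or Apigee's own code. It assumes the directory exposes group membership in a multi-valued `memberOf` attribute listed under `<Attributes>` and that its values have already been read from the flow into an array; the function names are hypothetical. It also escapes the value that `<SearchQuery>` takes from the request header, since that value ends up inside an LDAP filter.

```javascript
// Added example: not Apigee's code and not from the original answer.
// Assumption: group membership comes back as a multi-valued "memberOf"
// attribute and has already been read from the flow into an array of DNs.

// RFC 4515 escaping for a value substituted into an LDAP search filter,
// such as the mail header used in <SearchQuery>.
function escapeLdapFilterValue(value) {
  return String(value).replace(/[\\*()\u0000]/g, function (ch) {
    var hex = ch.charCodeAt(0).toString(16);
    return '\\' + (hex.length < 2 ? '0' + hex : hex);
  });
}

// Simplified DN normalization: case-insensitive, ignores spaces around
// "," and "=". It does not handle escaped separators inside RDN values.
function normalizeDn(dn) {
  return String(dn).trim().toLowerCase().replace(/\s*([,=])\s*/g, '$1');
}

// Fails closed: a missing attribute, an empty list or a non-array is "no".
// Compares whole DNs, so "api-admins-readonly" never satisfies "api-admins".
function hasLdapRole(memberOfValues, requiredGroupDn) {
  if (!Array.isArray(memberOfValues) || !requiredGroupDn) {
    return false;
  }
  var wanted = normalizeDn(requiredGroupDn);
  return memberOfValues.some(function (dn) {
    return typeof dn === 'string' && normalizeDn(dn) === wanted;
  });
}

// Constructed sample values, not real directory data.
var SAMPLE_MEMBER_OF = [
  'CN=api-readers, OU=Groups, DC=example, DC=com',
  'cn=api-admins-readonly,ou=groups,dc=example,dc=com'
];
```

Written in ES5 style so it can run inside a JavaScript policy placed after the LDAP policy in the flow.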