Connect BKG NtripCaster to LDAP using LDAP authentication

[jrocamora@…]

Dear BKG team,

We are trying to integrate our BKG NtripCaster V2.0.47 with an LDAP server using simple LDAP authentication (i.e. providing the bind DN and bind password) but we don't know if the BKG supports the LDAP bind authentication and in this case how to configure it. We have tried several options using the configuration ldap parameters included in the ntripcaster.conf but we couldn't make it work.

For us this is relevant as, due to cybersecurity constraints, the anonymous access to the LDAP server is not permitted and we need to integrate our external caster with a LDAP directory for managing the access of external users to our Galileo Ntrip service.

Thank you in advance!!
Jorge

[anonymous]

Hi!

Just as a proposal, taking as a reference the configuration of LDAP of services like Grafana (​https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/ldap/#grafana-ldap-configuration) normally you'd have something like this:

• ldap_bind_dn: Search user for bind dn
• ldap_bind_password: Search user bind password
• ldap_base_dn: Address of the root object in the LDAP directory
• ldap_search_filter: User search filter (e.g. "(uid=%s)")

On this way, you don't require that users bind to the LDAP directory and use a unique bind credentials.

Optionally, some useful additional options:

• ldap_group_attribute: The ldap attribute containing the groups the users are members of (default: memberOf).
• ldap_use_tls
• ldap_ca_cert
• ldap_tls_skip_verify

Another useful feature would be that only users with password set to "*" are validated against LDAP, while non-"*" users are treated as local users (e.g. typical user used for scrapping metrics with prometheus).