Limiting Query Scope on AD

By default, Lightweight Directory Access Protocol (LDAP) queries are performed against the entire Active Directory (AD) forest.

To avoid unnecessary cross-domain traffic and return results as quickly as possible, limit the scope of Active Directory queries by adding the following app-settings keys in Vault:

  • for queries related to users, add the key core-setting-adauth-users-container;
  • for queries related to groups, add the key core-setting-adauth-groups-container.

When AD authentication is enabled, the FintechOS Platform will use the values provided in the app-settings keys.

The keys are optional; if they are not provided, the search is performed on the entire directory.

Setting the users and groups containers in Vault secrets:

Key Path                                       Key Name                               Key Value
kv/<environment>/<application>/app-settings    core-setting-adauth-users-container    OU=Utilizatori,DC=acme,DC=ro
kv/<environment>/<application>/app-settings    core-setting-adauth-groups-container   OU=Grupuri,DC=acme,DC=ro


In the example above, each key value is the distinguished name (DN) of a container, and the LDAP queries are performed against the following AD containers:

Users:

  • Organizational Unit (OU): Utilizatori
  • Domain Components (DC): acme, ro

Groups:

  • Organizational Unit (OU): Grupuri
  • Domain Components (DC): acme, ro
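The following is an added example, not part of the FintechOS documentation or product: a small POSIX shell helper that checks both container DNs before writing them to the app-settings path above. It assumes the vault CLI is installed and authenticated (VAULT_ADDR/VAULT_TOKEN), that "kv" is a KV version 2 mount, and that the expected domain suffix (here DC=acme,DC=ro) is passed in by the operator.

```shell
#!/bin/sh
# Added example (not from the FintechOS documentation): validate the two container
# DNs and store them under the app-settings path shown on this page.
# Assumptions: the vault CLI is in PATH with VAULT_ADDR/VAULT_TOKEN set, and "kv"
# is a KV version 2 mount (required for "vault kv patch").

# Succeeds only for a DN of the form OU=...(,OU=...)*,DC=...(,DC=...)+ that ends
# with the expected domain suffix (e.g. "DC=acme,DC=ro"). A DN outside that
# domain, or a CN-based path such as CN=Users,..., is rejected so a typo cannot
# silently point the search base somewhere else.
validate_container_dn() {
  dn=$1
  want_suffix=$2
  case $dn in
    *",$want_suffix") ;;        # must end with ",<domain suffix>"
    *) return 1 ;;
  esac
  printf '%s' "$dn" | grep -Eq '^OU=[^,=]+(,OU=[^,=]+)*(,DC=[^,=]+)+$'
}

# Vault KV path for one environment/application, following the page's layout.
app_settings_path() {
  printf 'kv/%s/%s/app-settings' "$1" "$2"
}

# Validate both DNs, then patch (not put) the secret so the other app-settings
# keys stored in the same secret are left intact. DRY_RUN=1 prints the command
# instead of running it.
set_ad_containers() {
  env_name=$1; app_name=$2; users_dn=$3; groups_dn=$4; domain_suffix=$5
  validate_container_dn "$users_dn" "$domain_suffix" ||
    { echo "rejected users container DN: $users_dn" >&2; return 2; }
  validate_container_dn "$groups_dn" "$domain_suffix" ||
    { echo "rejected groups container DN: $groups_dn" >&2; return 2; }
  secret_path=$(app_settings_path "$env_name" "$app_name")
  if [ "${DRY_RUN:-0}" = 1 ]; then
    printf 'vault kv patch %s core-setting-adauth-users-container=%s core-setting-adauth-groups-container=%s\n' \
      "$secret_path" "$users_dn" "$groups_dn"
  else
    vault kv patch "$secret_path" \
      "core-setting-adauth-users-container=$users_dn" \
      "core-setting-adauth-groups-container=$groups_dn"
  fi
}

# Usage with the page's values (environment/application names are constructed):
# DRY_RUN=1 set_ad_containers prod fintechos 'OU=Utilizatori,DC=acme,DC=ro' \
#   'OU=Grupuri,DC=acme,DC=ro' 'DC=acme,DC=ro'
```

Using `vault kv patch` rather than `vault kv put` matters because `put` replaces every key in the secret, which would drop any other app-settings stored at the same path.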