Limiting Query Scope on AD
By default, Lightweight Directory Access Protocol (LDAP) queries are performed on the entire Active Directory (AD).
To avoid unnecessary traffic across domains and return results promptly, limit the scope of Active Directory queries by adding the following app-settings keys in Vault:
- for queries related to users, add the key core-setting-adauth-users-container
- for queries related to groups, add the key core-setting-adauth-groups-container
When AD authentication is enabled, the FintechOS Platform uses the values provided in these app-settings keys.
The keys are optional; if they are not provided, the search is performed on the entire directory.
Setting the users and groups containers in Vault secrets:
Key Path | Key Name | Key Value |
---|---|---|
kv/<environment>/<application>/app-settings | core-setting-adauth-users-container | OU=Utilizatori,DC=acme,DC=ro |
kv/<environment>/<application>/app-settings | core-setting-adauth-groups-container | OU=Grupuri,DC=acme,DC=ro |
In the example above, the LDAP queries will be performed against the following AD containers:
Users:
- Organizational Unit (OU): Utilizatori
- Domain Components (DC): acme, ro
Groups:
- Organizational Unit (OU): Grupuri
- Domain Components (DC): acme, ro
<app-settings>
<add key="core-setting-adauth-users-container" value="OU=Utilizatori,DC=acme,DC=ro"/>
<add key="core-setting-adauth-groups-container" value="OU=Grupuri,DC=acme,DC=ro"/>
....
</app-settings>
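A pre-deployment check for the two container values, as an added example that is not FintechOS code: it parses each distinguished name, flags values that would not narrow the search, and reports which sample entries fall inside the users container. It assumes the platform searches the whole subtree under the configured container; the function names and the sample entry DNs are hypothetical and constructed for illustration.

```python
# Container values copied from the page's Vault table.
USERS_CONTAINER = "OU=Utilizatori,DC=acme,DC=ro"
GROUPS_CONTAINER = "OU=Grupuri,DC=acme,DC=ro"

def parse_dn(dn):
    """Split a DN into lower-cased (type, value) pairs; multi-valued RDNs ('+') are not handled."""
    parts, buf, i = [], "", 0
    while i < len(dn):
        step = 2 if dn[i] == "\\" else 1      # keep a backslash-escaped character with its escape
        if step == 1 and dn[i] == ",":        # only an unescaped comma ends an RDN
            parts.append(buf)
            buf = ""
        else:
            buf += dn[i:i + step]
        i += step
    parts.append(buf)
    rdns = []
    for part in parts:
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN {part!r} in {dn!r}")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def check_container(value):
    """Return a list of problems with a container setting; an empty list means usable."""
    try:
        types = [t for t, _ in parse_dn(value)]
    except ValueError as exc:
        return [str(exc)]
    if "dc" not in types:
        return ["no DC components: value is not anchored to a domain"]
    if all(t == "dc" for t in types):
        return ["only DC components: search still covers the whole domain"]
    return []

def in_scope(entry_dn, container_dn):
    """True if entry_dn is the container itself or lies anywhere beneath it (assumed subtree search)."""
    entry, base = parse_dn(entry_dn), parse_dn(container_dn)
    return len(entry) >= len(base) and entry[-len(base):] == base

# Constructed sample entries (not from the page): nested OU with an escaped comma,
# an account in a different OU, and an account in a child domain.
SAMPLES = [
    "CN=Popescu\\, Ion,OU=IT,OU=Utilizatori,DC=acme,DC=ro",
    "CN=svc-backup,OU=Servicii,DC=acme,DC=ro",
    "CN=Ion Popescu,OU=Utilizatori,DC=corp,DC=acme,DC=ro",
]
if __name__ == "__main__":
    print({dn: in_scope(dn, USERS_CONTAINER) for dn in SAMPLES})
```

Accounts that report False here would not be found by a search limited to the users container, so run the check against a sample of real user and group DNs before setting the keys.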