login to openidm using dirserver user credentials

This topic has 5 replies, 3 voices, and was last updated 6 years, 1 month ago by subbub18.


    Hi all,
    I have a use case where I am working on finding a way to allow users who are available in my directory server (like OpenDJ or MS AD) to authenticate and log in to OpenIDM. Are there any suggestions or approaches that I can follow to achieve this?

    Please respond with your inputs.


     Andrew Potter

    Search the Integrators Guide for Pass-Through Authentication.


    Hi Andrew,

    The scenario is that I would need my Active Directory users to log in to OpenIDM without having their accounts reconciled to OpenIDM.
    Could you provide any inputs on this scenario?



    I’ve also been looking at this, and wanted to authenticate users against an AD and assign the openidm-admin role to users in a specific AD group. These users are not reconciled to OpenIDM as managed users; however, looking at the examples, it looks like this might be required?

    I would be interested if you find a solution.

     Andrew Potter

    @subbub18, an authentication.json config like this:

                    "name" : "PASSTHROUGH",
                    "enabled" : true,
                    "properties" : {
                        "propertyMapping" : {
                            "authenticationId" : "uid"
                        },
                        "queryOnResource" : "system/ldap/account",
                        "defaultUserRoles" : [
                            "openidm-authorized"
                        ]
                    }

    This allows me to log in to the user-ui without synchronising accounts to the IDM repo. Note that it still depends on the connector being defined, but there is no mapping in this config to a managed/user object.

    If you want people to be able to log in to the admin-ui you can include ‘openidm-admin’ in the defaultUserRoles.

    @andyr, in theory you can use the groupRoleMapping to control OpenIDM roles based on LDAP group membership. I’ve not tried it, but it’s included in the Integrators guide: https://backstage.forgerock.com/#!/docs/openidm/4/integrators-guide#passthrough-auth

                    "groupRoleMapping" : {
                        "openidm-admin" : ["cn=admins"]
                    }
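The two fragments above, assembled into one complete authentication.json PASSTHROUGH module, as an added example that is not part of this thread and not ForgeRock's own documentation. Assumptions: the directory connector is registered as system/ldap, the admin group is cn=admins,ou=groups,dc=example,dc=com, and the directory exposes group membership on a memberOf attribute (true for AD; on OpenDJ you may need the isMemberOf virtual attribute). For AD the login attribute is usually sAMAccountName rather than uid. The "groupMembership" property under propertyMapping is what feeds groupRoleMapping; verify the exact property names against the guide for your OpenIDM version.

```json
{
    "serverAuthContext" : {
        "authModules" : [
            {
                "name" : "PASSTHROUGH",
                "enabled" : true,
                "properties" : {
                    "queryOnResource" : "system/ldap/account",
                    "propertyMapping" : {
                        "authenticationId" : "sAMAccountName",
                        "groupMembership" : "memberOf"
                    },
                    "groupRoleMapping" : {
                        "openidm-admin" : [ "cn=admins,ou=groups,dc=example,dc=com" ]
                    },
                    "defaultUserRoles" : [ "openidm-authorized" ]
                }
            }
        ]
    }
}
```

Two things worth checking before relying on this. First, defaultUserRoles is granted to every account the query on system/ldap/account can find, so putting openidm-admin there makes every directory user an IDM administrator; keep it at openidm-authorized and grant openidm-admin only through groupRoleMapping. Second, the group value in groupRoleMapping is compared against what the directory returns in memberOf, which is a full DN, so a bare "cn=admins" will not match. To confirm which roles a directory user actually receives, call GET /openidm/info/login with the X-OpenIDM-Username and X-OpenIDM-Password headers set to that user's directory credentials and inspect the roles in the returned authorization context.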

    Thanks for your response Andrew & others.
    Have a nice day!
