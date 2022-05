< clickhouse >

< !- ... -- >

< ldap_servers >

< !- Typical LDAP server. -- >

< my_ldap_server >

< host > localhost </ host >

< port > 636 </ port >

< bind_dn > uid={user_name},ou=users,dc=example,dc=com </ bind_dn >

< verification_cooldown > 300 </ verification_cooldown >

< enable_tls > yes </ enable_tls >

< tls_minimum_protocol_version > tls1.2 </ tls_minimum_protocol_version >

< tls_require_cert > demand </ tls_require_cert >

< tls_cert_file > /path/to/tls_cert_file </ tls_cert_file >

< tls_key_file > /path/to/tls_key_file </ tls_key_file >

< tls_ca_cert_file > /path/to/tls_ca_cert_file </ tls_ca_cert_file >

< tls_ca_cert_dir > /path/to/tls_ca_cert_dir </ tls_ca_cert_dir >

< tls_cipher_suite > ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:AES256-GCM-SHA384 </ tls_cipher_suite >

</ my_ldap_server >



< !- Typical Active Directory with configured user DN detection for further role mapping. -- >

< my_ad_server >

< host > localhost </ host >

< port > 389 </ port >

< bind_dn > EXAMPLE\{user_name} </ bind_dn >

< user_dn_detection >

< base_dn > CN=Users,DC=example,DC=com </ base_dn >

< search_filter > ( & (objectClass=user)(sAMAccountName={user_name})) </ search_filter >

</ user_dn_detection >

< enable_tls > no </ enable_tls >

</ my_ad_server >

</ ldap_servers >

</ clickhouse >