Integrating Shiny Proxy with Active Directory



Has anyone successfully configured integration of Shiny Proxy with Active Directory.

We want to manage users via Active Directory Groups to access the different Apps.

We have setup 2 AD groups fr-shiny-admins and fr-shiny-fi-london-analysts

We have setup this configuration

url: ldap://dc01.dummycompany.corp:389/dc=dummycompany,dc=corp
user-dn-pattern: uid=%username%
user-search-filter: (sAMAccountName={0})
group-search-base: dc=dummycompany,dc=corp
group-search-filter: (uniqueMember={0})
manager-dn: CN=svc-shinyproxy,OU=Shiny_Proxy_App,OU=Admin,DC=dummycompany,DC=corp
manager-password: SomeRandomPassword

ldap-groups: [fr-shiny-admins, fr-shiny-fi-london-analysts]

I would like advise on what settings should be used for the following 2 lines:
user-dn-pattern: uid=%username%
user-search-filter: (sAMAccountName={0})

In Active Directory the user accounts are located on different OUs (Organizational Units).



Hi @ltfong,

ShinyProxy LDAP authentication supports two methods to resolve user names:
a) Using user-dn-pattern you can resolve a user’s uid or short name into a full dn.
b) Using user-search-filter you can resolve a user using any attribute, such as sAMAccountName.

Our example config uses approach (a) to connect to
Method (b) is usually used in an Active Directory environment. So in your case, you can leave user-dn-pattern empty, and use user-search-filter: (sAMAccountName={0})
You may also want to use user-search-base to limit the scope of the search.