
Secure MarkLogic Server

Example External Authorization Configurations

  • Last Updated: April 14, 2026
    • MarkLogic Server
    • Version 11.0
    • Documentation

This section provides an example of how Kerberos and LDAP users and groups might be mapped to MarkLogic Server users and roles.

On Active Directory, there is a Kerberos user and an LDAP user assigned to an LDAP group:

  • Kerberos Principal: jsmith@MLTEST1.LOCAL

  • LDAP DN: CN=John Smith,CN=Users,DC=MLTEST1,DC=LOCAL

  • LDAP memberOf: CN=TestGroup Admin,CN=Users,DC=MLTEST1,DC=LOCAL

On MarkLogic Server, the two users and the ldaprole1 role are assigned external names that map them to the above users and LDAP group.

Kerberos User:

  • User name: krbuser1

  • External names: jsmith@MLTEST1.LOCAL

LDAP User:

  • User name: ldapuser1

  • External names: CN=John Smith,CN=Users,DC=MLTEST1,DC=LOCAL

Role:

  • Role name: ldaprole1

  • External names: CN=TestGroup Admin,CN=Users,DC=MLTEST1,DC=LOCAL
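To confirm that the Security database actually holds the mappings listed above, the following added example (not part of the MarkLogic documentation) compares the external names configured for krbuser1, ldapuser1, and ldaprole1 with the values on this page. It assumes the query is evaluated against the Security database by a user with sufficient security privileges; `local:check` is a helper name invented for this example.

```xquery
xquery version "1.0-ml";
(: Added example: audits external-name mappings against the values on
   this page. Assumes evaluation against the Security database. :)
import module namespace sec = "http://marklogic.com/xdmp/security"
  at "/MarkLogic/security.xqy";

(: local:check is a helper defined for this example only. :)
declare function local:check(
  $kind as xs:string,
  $name as xs:string,
  $expected as xs:string*
) as element(mapping)
{
  let $exists :=
    if ($kind eq "user") then sec:user-exists($name)
    else sec:role-exists($name)
  let $actual :=
    if (fn:not($exists)) then ()
    else if ($kind eq "user")
    then sec:user-get-external-names($name) ! fn:string(.)
    else sec:role-get-external-names($name) ! fn:string(.)
  (: Exact string comparison is a choice of this example. :)
  let $missing := $expected[fn:not(. = $actual)]
  (: An unexpected external name lets another external identity map to
     this user or role, so it is reported for review. :)
  let $extra := $actual[fn:not(. = $expected)]
  let $status :=
    if (fn:not($exists)) then "not-found"
    else if (fn:empty(($missing, $extra))) then "ok"
    else "drift"
  return
    <mapping kind="{$kind}" name="{$name}" status="{$status}">{
      $missing ! <missing>{.}</missing>,
      $extra ! <unexpected>{.}</unexpected>
    }</mapping>
};

<external-name-audit>{
  local:check("user", "krbuser1", "jsmith@MLTEST1.LOCAL"),
  local:check("user", "ldapuser1",
    "CN=John Smith,CN=Users,DC=MLTEST1,DC=LOCAL"),
  local:check("role", "ldaprole1",
    "CN=TestGroup Admin,CN=Users,DC=MLTEST1,DC=LOCAL")
}</external-name-audit>
```

A `drift` status with an `unexpected` entry on ldaprole1 means an additional LDAP group is being granted that role.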

After authentication, xdmp:get-current-user() returns a different username, depending on the external authorization configuration. The possible combinations of configurations and returned names are shown in this table:

| Authentication Protocol | Authorization Scheme | Name Returned |
|---|---|---|
| kerberos | internal | krbuser1 |
| kerberos | ldap | jsmith@MLTEST1.LOCAL (TEMP user with role ldaprole1) |
| ldap | internal | ldapuser1 |
| ldap | ldap | jsmith (TEMP user with role ldaprole1) |
