1.1 Register an application with the Microsoft identity platform
To register an application with the Microsoft identity platform, you need:
- A Microsoft Entra ID user account. If you don’t already have one, you can create an account for free.
Register a new application in your Microsoft Entra Admin Center. More descriptions can be found here.
- Sign in to the Microsoft Entra Admin Center.
- Browse to Identity > Applications > App registrations.
- Select New registration.
- Name the application, for example “ldap-wrapper”.
- Select a supported account type, which determines who can use the application.
  Important: Personal Microsoft accounts are not supported.
- Under Redirect URI, select nothing and keep it empty.
- Select Register.

- Set the following Microsoft Graph API Application permissions:
  - For type Application, allow User.Read.All, Group.Read.All.
  - For type Delegated, allow User.Read.
  - Optionally: Allow Device.Read.All for type Application if you also want to load devices.

- Click “Grant admin consent”. The status should be “Granted for”.
  If you see an entry with “Not granted for”, click again.
- Set Allow public client flows to Yes.

Copy and save these values for later use as environment variables in the Docker container:
- AZURE_TENANTID: Directory (tenant) ID from the page “overview”.
- AZURE_APP_ID: Application (client) ID from the page “overview”.
- AZURE_APP_SECRET: Value of a new client secret from the page “Certificates & secrets”.
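
One way to confirm, before starting the container, that admin consent took effect and that the registration holds only the application permissions listed above. This is an added example, not part of the LDAP-wrapper project. It assumes the standard Microsoft identity platform client-credentials flow and that the Graph app-only access token is a JWT carrying a `roles` claim; `sample_token` is a hypothetical helper that builds a constructed, unsigned token so the script also runs offline.

```python
import base64
import json
import os
import urllib.parse
import urllib.request

# Application permissions named in the steps above; Device.Read.All is the optional one.
REQUIRED_ROLES = {"User.Read.All", "Group.Read.All"}
OPTIONAL_ROLES = {"Device.Read.All"}

def request_app_token(tenant_id, app_id, app_secret):
    """Client-credentials request to the Microsoft identity platform v2.0 token endpoint."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": app_id,
        "client_secret": app_secret,
        "scope": "https://graph.microsoft.com/.default",
    }).encode()
    with urllib.request.urlopen(urllib.request.Request(url, data=form), timeout=15) as resp:
        return json.load(resp)["access_token"]

def token_roles(access_token):
    """Read the 'roles' claim from the JWT payload. Diagnostic only: no signature check."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return set(json.loads(base64.urlsafe_b64decode(payload)).get("roles", []))

def check_roles(roles):
    """Return (missing, unexpected): consent gaps, and permissions beyond what the steps ask for."""
    return sorted(REQUIRED_ROLES - roles), sorted(roles - REQUIRED_ROLES - OPTIONAL_ROLES)

def sample_token(roles):
    """Constructed, unsigned JWT-shaped string for offline runs; not a real token."""
    b64 = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")
    return f"{b64({'alg': 'none'})}.{b64({'roles': roles})}.sig"

if __name__ == "__main__":
    env = os.environ
    if "AZURE_TENANTID" in env:  # live check with the values saved above
        token = request_app_token(env["AZURE_TENANTID"], env["AZURE_APP_ID"], env["AZURE_APP_SECRET"])
    else:  # offline demo: constructed token with Group.Read.All consent missing
        token = sample_token(["User.Read.All"])
    missing, unexpected = check_roles(token_roles(token))
    print("missing (admin consent not granted?):", missing or "none")
    print("unexpected (broader than the steps require):", unexpected or "none")
    raise SystemExit(1 if missing else 0)
```

The delegated User.Read permission does not appear in an app-only token, so this check covers only the Application-type permissions.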

Use a Docker container or any other method to run the LDAP-wrapper, and start it with the previously saved environment variables.