ldap-auth
#
Summary#
Nameldap-auth
is an authentication plugin that can works with consumer
. Add Ldap Authentication to a service
or route
.
The consumer
then authenticate against the Ldap server using Basic authentication.
For more information on Basic authentication, refer to Wiki for more information.
This authentication plugin use lualdap plugin to connect against the ldap server
#
AttributesName | Type | Requirement | Default | Valid | Description |
---|---|---|---|---|---|
base_dn | string | required | the base dn of the ldap server (example : ou=users,dc=example,dc=org ) | ||
ldap_uri | string | required | the uri of the ldap server | ||
use_tls | boolean | optional | true | Boolean flag indicating if Transport Layer Security (TLS) should be used. | |
uid | string | optional | cn | the uid attribute |
#
How To Enableldap-auth
option#
1. set a consumer and config the value of the curl http://127.0.0.1:9080/apisix/admin/consumers -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '{ "username": "foo", "plugins": { "ldap-auth": { "user_dn": "cn=user01,ou=users,dc=example,dc=org" } }}'
ldap-auth
plugin#
2. add a Route or add a Service, and enable the curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '{ "methods": ["GET"], "uri": "/hello", "plugins": { "ldap-auth": { "base_dn": "ou=users,dc=example,dc=org", "ldap_uri": "localhost:1389", "uid": "cn" }, }, "upstream": { "type": "roundrobin", "nodes": { "127.0.0.1:1980": 1 } }}'
#
Test Plugin- missing Authorization header
$ curl -i http://127.0.0.1:9080/helloHTTP/1.1 401 Unauthorized...{"message":"Missing authorization in request"}
- user is not exists:
$ curl -i -uuser:password1 http://127.0.0.1:9080/helloHTTP/1.1 401 Unauthorized...{"message":"Invalid user key in authorization"}
- password is invalid:
$ curl -i -uuser01:passwordfalse http://127.0.0.1:9080/helloHTTP/1.1 401 Unauthorized...{"message":"Password is error"}
- success:
$ curl -i -uuser01:password1 http://127.0.0.1:9080/helloHTTP/1.1 200 OK...hello, world
#
Disable PluginWhen you want to disable the ldap-auth
plugin, it is very simple,
you can delete the corresponding json configuration in the plugin configuration,
no need to restart the service, it will take effect immediately:
$ curl http://127.0.0.1:2379/apisix/admin/routes/1 -X PUT -d value='{ "methods": ["GET"], "uri": "/hello", "plugins": {}, "upstream": { "type": "roundrobin", "nodes": { "127.0.0.1:1980": 1 } }}'