ldap_auth

Description

The ldap_auth filter authenticates requests against a Lightweight Directory Access Protocol (LDAP) server.

Configuration Example

A simple example is as follows:

flow:
  - name: ldap_auth
    filter:
      - ldap_auth:
          host: "ldap.forumsys.com"
          port: 389
          bind_dn: "cn=read-only-admin,dc=example,dc=com"
          bind_password: "password"
          base_dn: "dc=example,dc=com"
          user_filter: "(uid=%s)"

The above configuration uses a free online LDAP test server. The test user is tesla, and the password is password.

➜  curl -u tesla:password  
{
  "name" : "",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "ZGTwWtBfSLWRpsS1VKQDiQ",
  "version" : {
    "number" : "7.8.0",
    "build_flavor" : "default",
    "build_type" : "tar",
    "build_hash" : "757314695644ea9a1dc2fecd26d1a43856725e65",
    "build_date" : "2020-06-14T19:35:50.234439Z",
    "build_snapshot" : false,
    "lucene_version" : "8.5.1",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}
➜  curl -u tesla:password1 

Parameter Description

| Name | Type | Description |
| --- | --- | --- |
| host | string | Address of the LDAP server |
| port | int | Port of the LDAP server. The default value is 389. |
| tls | bool | Whether the LDAP server uses the Transport Layer Security (TLS) protocol. The default value is false. |
| bind_dn | string | Information about the user who performs the LDAP query |
| bind_password | string | Password for performing the LDAP query |
| base_dn | string | Root domain for filtering LDAP users |
| user_filter | string | Query condition for filtering LDAP users. The default value is (uid=%s). |
| uid_attribute | string | Attribute of a user ID. The default value is uid. |
| group_attribute | string | Attribute of a user group. The default value is cn. |
| attribute | array | List of attributes returned by the LDAP query |
| max_cache_items | int | Maximum number of cached items |
| cache_ttl | duration | TTL after which cached items expire. The default value is 300s. |
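
A user_filter such as (uid=%s) is a template into which a login name is substituted, so any filter metacharacters in the name have to be escaped per RFC 4515 before the query is sent. The sketch below is an added example, not the gateway's own code; the function names and the sample usernames are assumptions made for illustration.

```python
# Added example: RFC 4515 escaping for a value substituted into a user_filter
# template. Function names and sample usernames are hypothetical.

# RFC 4515 section 3: NUL, "(", ")", "*" and "\" must be written as \XX
# inside an assertion value, otherwise they are parsed as filter syntax.
_ESCAPES = {0x00: r"\00", 0x28: r"\28", 0x29: r"\29", 0x2A: r"\2a", 0x5C: r"\5c"}


def escape_filter_value(value: str) -> str:
    """Escape a string for use as an assertion value in an LDAP filter."""
    out = []
    for byte in value.encode("utf-8"):
        if byte in _ESCAPES:
            out.append(_ESCAPES[byte])
        elif byte < 0x80:
            out.append(chr(byte))
        else:
            out.append(f"\\{byte:02x}")  # non-ASCII: escape each UTF-8 octet
    return "".join(out)


def build_user_filter(template: str, username: str) -> str:
    """Fill a template such as "(uid=%s)" with an escaped username."""
    if template.count("%s") != 1:
        raise ValueError("user_filter must contain exactly one %s placeholder")
    if not username:
        raise ValueError("empty username")
    return template.replace("%s", escape_filter_value(username))


def structural_chars(filter_text: str) -> int:
    """Count literal ( ) * characters, the ones a server parses as syntax."""
    return sum(filter_text.count(c) for c in "()*")


if __name__ == "__main__":
    template = "(uid=%s)"  # default user_filter from the parameter table
    # Constructed sample usernames, including ones with filter metacharacters.
    for name in ["tesla", "*", "smith (contractor)", "CORP\\tesla"]:
        built = build_user_filter(template, name)
        # Escaping keeps the filter's structure identical to the template's.
        assert structural_chars(built) == structural_chars(template)
        print(f"{name!r:24} -> {built}")
```

After escaping, a username can only ever be compared as a literal value; it cannot add clauses or wildcards to the query.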