ldap_auth

Description

The ldap_auth filter is used to set authentication based on the Lightweight Directory Access Protocol (LDAP).

Configuration Example

A simple example is as follows:

flow:
  - name: ldap_auth
    filter:
      - ldap_auth:
          host: "ldap.forumsys.com"
          port: 389
          bind_dn: "cn=read-only-admin,dc=example,dc=com"
          bind_password: "password"
          base_dn: "dc=example,dc=com"
          user_filter: "(uid=%s)"

The above configuration uses a free online LDAP test server. The test user is tesla, and the password is password.

➜  curl  http://127.0.0.1:8000/ -u tesla:password  
{
  "name" : "192.168.3.7",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "ZGTwWtBfSLWRpsS1VKQDiQ",
  "version" : {
    "number" : "7.8.0",
    "build_flavor" : "default",
    "build_type" : "tar",
    "build_hash" : "757314695644ea9a1dc2fecd26d1a43856725e65",
    "build_date" : "2020-06-14T19:35:50.234439Z",
    "build_snapshot" : false,
    "lucene_version" : "8.5.1",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}
➜  curl  http://127.0.0.1:8000/ -u tesla:password1 
Unauthorized% 

Parameter Description

| Name | Type | Description |
| --- | --- | --- |
| host | string | Address of the LDAP server |
| port | int | Port of the LDAP server. The default value is 389. |
| tls | bool | Whether the LDAP server uses the Transport Layer Security (TLS) protocol. The default value is false. |
| bind_dn | string | Distinguished name (DN) of the user who performs the LDAP query |
| bind_password | string | Password for performing the LDAP query |
| base_dn | string | Root domain for filtering LDAP users |
| user_filter | string | Query condition for filtering LDAP users. The default value is (uid=%s). |
| uid_attribute | string | Attribute of a user ID. The default value is uid. |
| group_attribute | string | Attribute of a user group. The default value is cn. |
| attribute | array | List of attributes returned by the LDAP query |
| max_cache_items | int | Maximum number of cached items |
| cache_ttl | duration | Time to live (TTL) after which cached items expire. The default value is 300s. |