ldap.md

File metadata and controls

106 lines (82 loc) · 4.68 KB

Required dependencies: io.ktor:ktor-server-auth, io.ktor:ktor-server-auth-ldap

LDAP is a protocol for working with various directory services that can store information about users. Ktor allows you to authenticate LDAP users using the basic, digest, or form-based authentication schemes.

You can get general information about authentication and authorization in Ktor in the section.

Add dependencies {id="add_dependencies"}

To enable LDAP authentication, you need to include the ktor-server-auth and ktor-server-auth-ldap artifacts in the build script:

Gradle (Kotlin):

implementation("io.ktor:ktor-server-auth:$ktor_version")
implementation("io.ktor:ktor-server-auth-ldap:$ktor_version")

Gradle (Groovy):

implementation "io.ktor:ktor-server-auth:$ktor_version"
implementation "io.ktor:ktor-server-auth-ldap:$ktor_version"

Maven:

<dependency>
    <groupId>io.ktor</groupId>
    <artifactId>ktor-server-auth</artifactId>
    <version>${ktor_version}</version>
</dependency>
<dependency>
    <groupId>io.ktor</groupId>
    <artifactId>ktor-server-auth-ldap</artifactId>
    <version>${ktor_version}</version>
</dependency>

Configure LDAP {id="configure"}

Step 1: Choose an authentication provider {id="choose-auth"}

To authenticate LDAP users, you first need to choose an authentication provider for username and password validation. In Ktor, the basic, digest, or form-based providers can be used for this. For example, to use the basic authentication provider, call the basic function inside the install block.

install(Authentication) {
    basic {
        validate { credentials ->
            // Authenticate an LDAP user
        }
    }
}

The validate function will be used to check user credentials.

Step 2: Authenticate an LDAP user {id="authenticate"}

To authenticate an LDAP user, you need to call the ldapAuthenticate function. This function accepts UserPasswordCredential and validates it against a specified LDAP server.

{src="snippets/auth-ldap/src/main/kotlin/com/example/Application.kt" lines="10-16"}

The validate function returns a UserIdPrincipal if authentication succeeds or null if it fails.

Optionally, you can pass a lambda to ldapAuthenticate to perform additional validation of an authenticated user.

install(Authentication) {
    basic("auth-ldap") {
        validate { credentials ->
            ldapAuthenticate(credentials, "ldap://localhost:389", "cn=%s,dc=ktor,dc=io") {
                if (it.name == it.password) {
                    UserIdPrincipal(it.name)
                } else {
                    null
                }
            }
        }
    }
}

Step 3: Define authorization scope {id="authenticate-route"}

After configuring LDAP, you can define the authorization for the different resources in your application using the authenticate function. On successful authentication, you can retrieve the authenticated UserIdPrincipal inside a route handler using the call.principal function and get the name of the authenticated user.

{src="snippets/auth-ldap/src/main/kotlin/com/example/Application.kt" lines="17-23"}

You can find the complete runnable example here: auth-ldap.

Bear in mind that the current LDAP implementation is synchronous.
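The three steps above combined into one module, as an added example that is not the Ktor project's own snippet. It also rejects blank usernames and empty passwords before the bind and uses an ldaps:// URL. The host name, the realm value, the module function name and the isBindable helper are assumptions made for illustration.

```kotlin
import io.ktor.server.application.*
import io.ktor.server.auth.*
import io.ktor.server.auth.ldap.*
import io.ktor.server.response.*
import io.ktor.server.routing.*

// Assumed values for illustration; replace with your directory's settings.
private const val LDAP_URL = "ldaps://ldap.example.com:636" // TLS protects the bind password in transit
private const val USER_DN_FORMAT = "cn=%s,dc=ktor,dc=io"    // DN pattern used on this page

// Hypothetical helper: reject credentials that must never reach the directory.
// A simple bind with a DN and an empty password is an "unauthenticated bind"
// (RFC 4513, section 5.1.2); a server that permits it reports success
// without checking any password.
fun isBindable(credentials: UserPasswordCredential): Boolean =
    credentials.name.isNotBlank() && credentials.password.isNotEmpty()

fun Application.module() {
    install(Authentication) {
        // Step 1: choose the provider that collects the username and password.
        basic("auth-ldap") {
            realm = "ktor-ldap" // assumed realm name
            validate { credentials ->
                if (!isBindable(credentials)) return@validate null
                // Step 2: bind to the directory as the user.
                ldapAuthenticate(credentials, LDAP_URL, USER_DN_FORMAT) { user ->
                    // Called for an authenticated user; put additional checks here
                    // and return null to reject.
                    UserIdPrincipal(user.name)
                }
            }
        }
    }
    routing {
        // Step 3: only routes inside this block require the LDAP login.
        authenticate("auth-ldap") {
            get("/") {
                val principal = call.principal<UserIdPrincipal>()
                call.respondText("Hello, ${principal?.name}!")
            }
        }
    }
}
```

Basic authentication sends the password on every request, so the Ktor endpoint itself should also be served over HTTPS.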