Connect2id

LdapAuth

  • Simple JSON-RPC web gateway for authenticating users against an LDAP directory / Microsoft Active Directory
  • Provision selected user attributes to an application or service
  • With useful metrics and monitoring

Simple JSON-based web API for LDAP / Active Directory user authentication

LdapAuth provides a JSON-RPC 2.0 web API for authenticating users against an LDAP directory / Microsoft Active Directory. It integrates seamlessly with web applications as well as with the Connect2id server for Single Sign-On (SSO) and Identity Provisioning (IdP).

  • Authenticate users against an LDAP / Active Directory - Verify user login credentials with a designated LDAP v3 compatible directory, such as Active Directory or OpenLDAP.

  • Provision users - Retrieve selected user attributes, such as name, contact details and group memberships / permissions.

Here is an example request to check the login credentials of a user with email alice@wonderland.net and, if successful, retrieve a set of preconfigured attributes from her LDAP directory entry:

{
  "method"  : "user.authGet",
  "params"  : { "username" : "alice@wonderland.net",
                "password" : "secret" },
  "id"      : "0001",
  "jsonrpc" : "2.0"
}

The resulting JSON response contains the resolved LDAP DN and attributes for the user:

{
  "result"  : { "DN"         : "uid=alice,ou=people,dc=wonderland,dc=net",
                "attributes" : { "userID" : "alice",
                                 "name"   : "Alice Adams",
                                 "email"  : "alice@wonderland.net",
                                 "roles"  : [ "admin-network",
                                              "admin-www",
                                              "admin-cms" ],
                                 "phone"  : [ "+1 685 622 6202",
                                              "+1 010 154 3228",
                                              "+1 225 216 5900" ] } },
  "id"      : "0001",
  "jsonrpc" : "2.0"
}
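
A client-side handler for the exchange above, added here as an example (not Connect2id's code): it builds the user.authGet request and accepts a reply only when it is well-formed JSON-RPC 2.0 with the matching id and a result carrying a DN, treating everything else as a failed login. The function names, the sample replies and the error code are assumptions constructed for illustration; the transport (HTTPS, client certificate, API key) is left out.

```python
import json
import secrets

def build_auth_request(username, password):
    """Return (request_id, JSON body) for a user.authGet call."""
    req_id = secrets.token_hex(8)  # fresh id so the reply can be paired with this call
    body = {"method": "user.authGet",
            "params": {"username": username, "password": password},
            "id": req_id, "jsonrpc": "2.0"}
    return req_id, json.dumps(body)

def parse_auth_response(raw, expected_id):
    """Return (DN, attributes) on success; None on anything else (fail closed)."""
    try:
        msg = json.loads(raw)
    except (TypeError, ValueError):
        return None
    if not isinstance(msg, dict) or msg.get("jsonrpc") != "2.0":
        return None
    if msg.get("id") != expected_id:           # reply belongs to another request
        return None
    if "error" in msg or not isinstance(msg.get("result"), dict):
        return None                            # JSON-RPC error or malformed result
    dn = msg["result"].get("DN")
    attrs = msg["result"].get("attributes")
    # Assumption: a successful reply always carries a DN string and an attributes object.
    if not isinstance(dn, str) or not dn or not isinstance(attrs, dict):
        return None
    return dn, attrs

def roles_of(attrs):
    """Normalise 'roles' (single value or list) to a list of strings."""
    roles = attrs.get("roles", [])
    if isinstance(roles, str):
        roles = [roles]
    return [r for r in roles if isinstance(r, str)] if isinstance(roles, list) else []

# Constructed sample replies (not captured from a real server).
SAMPLE_OK = json.dumps({"result": {"DN": "uid=alice,ou=people,dc=wonderland,dc=net",
    "attributes": {"userID": "alice", "roles": ["admin-network", "admin-www"]}},
    "id": "0001", "jsonrpc": "2.0"})
SAMPLE_ERR = json.dumps({"error": {"code": -32000, "message": "constructed error"},
    "id": "0001", "jsonrpc": "2.0"})

if __name__ == "__main__":
    print(parse_auth_response(SAMPLE_OK, "0001"))   # tuple of DN and attributes
    print(parse_auth_response(SAMPLE_ERR, "0001"))  # None
```

Authorisation decisions should read roles only from the tuple returned by parse_auth_response, never from a reply that failed any of its checks.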

Comprehensive security

LdapAuth employs security measures at multiple layers:

  • Define a whitelist of allowed client IP addresses and / or host names.
  • Require clients to connect over secure HTTPS.
  • Require clients to present a valid X.509 certificate issued by a trusted certificate authority (CA).
  • Require the client X.509 certificate principal to match a specified distinguished name (DN).
  • Require clients to present an API key.
  • Enable / disable individual JSON-RPC 2.0 calls.
  • Hide internal web service exceptions.

LdapAuth connection security to the backend LDAP directory:

  • Connect to the LDAP server using StartTLS or SSL.
  • Specify a custom key and trust store (JKS) for the secure LDAP connections.
  • Optionally allow self-signed certificates.

Setup, configuration and use

LdapAuth is packaged as a standard web application archive (WAR) file to be deployed in a Java web server, such as Apache Tomcat.

Contact us if you have questions or wish to receive a personal consultation.

Download

Ready to try out LdapAuth? You are welcome to download an evaluation copy. No registration is required for that.

Download LdapAuth

The software comes in a standard Java WAR package ready for immediate deployment. Check out the installation instructions for details.

The production licence includes maintenance, updates and our support for the first year of use. The subscription can be extended if needed. Discounts are available if you wish to run multiple instances or would like to integrate LdapAuth into your own product or service offerings. We also offer various dedicated professional services such as integration assistance, training and custom add-on development. Get in touch with sales to explain your case and request a quote.