LdapAuth

  • JSON web service for authenticating users with an LDAP / Active Directory
  • Can provision selected user directory attributes to your app or service
  • Useful metrics and monitoring for your DevOps

JSON web API for LDAP / Active Directory user authentication

LdapAuth is a JSON μ-service for authenticating users with an LDAP / Active Directory. It integrates nicely with web, mobile and cloud apps, and with the OpenID Connect server for Single Sign-On (SSO) and Identity Provisioning (IdP).

What can LdapAuth do for your app?

  • Authenticate users in LDAP / Active Directory - Check the supplied user credentials against a designated LDAP v3 compatible directory, such as Active Directory or OpenLDAP.

  • Provision users - Retrieve selected information about the user from their directory account, conveniently packaged in a JSON object. That can include names, contact details and group memberships / permissions.

LdapAuth is accessed via a simple JSON-RPC API. Here is an example request to check the credentials of user [email protected] and retrieve a set of preconfigured attributes from her LDAP directory account:

{
  "method"  : "user.authGet",
  "params"  : { "username" : "[email protected]",
                "password" : "secret" },
  "id"      : "0001",
  "jsonrpc" : "2.0"
}

The resulting JSON response contains the resolved LDAP DN for Alice and the requested details:

{
  "result"  : { "DN"         : "uid=alice,ou=people,dc=wonderland,dc=net",
                "attributes" : { "userID" : "alice",
                                 "name"   : "Alice Adams",
                                 "email"  : "[email protected]",
                                 "roles"  : [ "admin-network",
                                              "admin-www",
                                              "admin-cms" ],
                                 "phone"  : [ "+1 685 622 6202",
                                              "+1 010 154 3228",
                                              "+1 225 216 5900" ] } },
  "id"      : "0001",
  "jsonrpc" : "2.0"
}
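
The exchange above seen from the calling application, as an added example that is not LdapAuth's own code or documentation: it builds the user.authGet request and treats the user as authenticated only when the response is valid JSON-RPC 2.0, carries the same id as the request, has no error member and contains a resolved DN. The function names, the error code and message, and the sample messages are assumptions constructed for illustration.

```python
import json
import secrets

class AuthRejected(Exception):
    """Raised for every outcome other than a well-formed success response."""

def build_auth_request(username, password):
    # A fresh random id per call lets the caller pair each response with its request.
    return {"method": "user.authGet",
            "params": {"username": username, "password": password},
            "id": secrets.token_hex(8),
            "jsonrpc": "2.0"}

def parse_auth_response(raw, request_id):
    """Return (DN, attributes) on success; raise AuthRejected otherwise (fail closed)."""
    try:
        msg = json.loads(raw)
    except ValueError as exc:
        raise AuthRejected("response is not valid JSON") from exc
    if not isinstance(msg, dict) or msg.get("jsonrpc") != "2.0":
        raise AuthRejected("not a JSON-RPC 2.0 response")
    if msg.get("id") != request_id:
        raise AuthRejected("response id does not match request id")
    if "error" in msg:
        err = msg["error"] if isinstance(msg["error"], dict) else {}
        raise AuthRejected(f"service error {err.get('code')}: {err.get('message')}")
    result = msg.get("result")
    if not isinstance(result, dict) or not isinstance(result.get("DN"), str) or not result["DN"]:
        raise AuthRejected("no resolved DN in result")
    attributes = result.get("attributes", {})
    if not isinstance(attributes, dict):
        raise AuthRejected("attributes is not a JSON object")
    return result["DN"], attributes

def roles_of(attributes):
    """Normalise 'roles' to a list of strings; a missing attribute means no roles."""
    roles = attributes.get("roles", [])
    if isinstance(roles, str):
        roles = [roles]
    return [r for r in roles if isinstance(r, str)] if isinstance(roles, list) else []

# Constructed sample messages (the error code and text are not LdapAuth's own values).
SAMPLE_OK = json.dumps({"result": {"DN": "uid=alice,ou=people,dc=wonderland,dc=net",
                                   "attributes": {"userID": "alice",
                                                  "roles": ["admin-network", "admin-www", "admin-cms"]}},
                        "id": "0001", "jsonrpc": "2.0"})
SAMPLE_ERROR = json.dumps({"error": {"code": -32000, "message": "constructed error"},
                           "id": "0001", "jsonrpc": "2.0"})
```

Authorization decisions should be made from the returned roles only after parse_auth_response has returned without raising.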

Comprehensive security

LdapAuth employs security at multiple layers:

  • Define a whitelist of approved client IP addresses and / or host names.
  • Require clients to connect over secure HTTPS.
  • Require clients to present a valid X.509 certificate issued by a trusted certificate authority (CA).
  • Require the client X.509 certificate principal to match a specified distinguished name (DN).
  • Require clients to present an API key.
  • Enable / disable individual JSON-RPC 2.0 calls.
  • Hide internal web service exceptions.

Connections from LdapAuth to the backend can also be reliably secured:

  • Connect to the LDAP server using StartTLS or SSL.
  • Specify a custom key and trust store (JKS) for the secure LDAP connections.
  • Optionally allow self-signed certificates.

Setup and configuration

LdapAuth is packaged as a standard web application archive (WAR) ready for immediate deployment in a Java web server, such as Apache Tomcat.

Contact us if some questions have been left unanswered or if you wish to receive a personal consultation.

Download

Ready to try out LdapAuth? You are welcome to download an evaluation copy. No registration is required for that.

Download LdapAuth

The software comes in a standard Java WAR package ready for immediate deployment. Check out the installation instructions for details.

The production licence includes maintenance, updates and our support for the first year of use. The subscription can be extended if you need it. Discounts are available if you wish to run multiple instances or would like to integrate LdapAuth into your own product or service offerings. We also offer various dedicated professional services such as integration assistance, training and custom add-on development. Get in touch with sales to explain your case and request a quote.