Skip to content
Connect2id

Datasheet

JSON web service for LDAP user authentication and provisioning

LdapAuth is a lightweight JSON-RPC 2.0 web service for authenticating and provisioning users whose accounts are stored in an LDAP v3 compatible directory.

Directory server compatibility

LdapAuth is compatible with any directory supporting the current version 3 of the Lightweight Directory Access Protocol (LDAP).

Popular directory servers:

Json2Ldap compatibility

LdapAuth can also access directory servers via a Json2Ldap 2.3+ web API.

Web API

The LdapAuth web API handles requests for user authentication and for retrieving selected user details for the purpose of provisioning.

Deployment

LdapAuth is packaged as a standard web application archive (WAR) ready for deployment in a Java servlet container, such as the popular open source Apache Tomcat server.

Configuration

LdapAuth is configured by properties located in the WEB-INF/authService.properties file. Any configuration property can be overridden by a Java system property.

Access control » Web API settings »

Allows / denies access to AuthService based on a set of rules such as SSL/X.509 security or client IP whitelist.

AuthService settings for enabling / disabling calls, exception reporting and HTTP response content type.

Authenticating backend » User DN resolution »

Specifies the authenticating realm and backend type.

Configures resolution of user DNs from the supplied username, email or other unique user identifier.

Json2Ldap gateway / proxy »

The Json2Ldap URL and other connection details.

LDAP server » User attributes for retrieval »

The LDAP directory URL and other connection details.

The names of the LDAP attributes to retrieve on a successfully authenticated user.get request.

Custom trust and key store »

Custom trust or key store for TLS/SSL LDAP connections.

Logging

LdapAuth uses the popular log4j framework. Here are the event types that can be selectively logged (at various levels):

  • On a HTTP request: method name, client IP, client X.509 certificate principal.

  • On a JSON-RPC 2.0 request: method name, request parameters (passwords are hidden), response status (success or error code).

  • DN resolution operation.

  • LdapAuth, Json2Ldap and LDAP exceptions.

Logging is configured by the WEB-INF/log4j.xml file.

Sample LDAP directory server

A sample LDAP directory server is included in the LdapAuth WAR to enable evaluation and testing of the service without an external directory. The sample directory is enabled / disabled and configured through the /WEB-INF/sampleDirectory.properties file.

System requirements

Runtime:

  • Java 17+

  • Jakarta Servlet API 6.0+