JSON web service for LDAP user authentication and provisioning
LdapAuth is a lightweight JSON-RPC 2.0 web service for authenticating and provisioning users whose accounts are stored in an LDAP v3 compatible directory.
Directory server compatibility
LdapAuth is compatible with any directory supporting the current version 3 of the Lightweight Directory Access Protocol (LDAP).
Popular directory servers:
LdapAuth can also access directory servers via a Json2Ldap 2.3+ web API.
The LdapAuth web API handles requests for user authentication and for retrieving selected user details for the purpose of provisioning.
User authentication and details
User realm
Web service information
Access control: Allows / denies access to AuthService based on a set of rules such as SSL/X.509 security or client IP whitelist.
Web API settings: AuthService settings for enabling / disabling calls, exception reporting and HTTP response content type.
Authenticating backend: Specifies the authenticating realm and backend type.
User DN resolution: Configures resolution of user DNs from the supplied username, email or other unique user identifier.
Json2Ldap gateway / proxy: The Json2Ldap URL and other connection details.
LDAP server: The LDAP directory URL and other connection details.
User attributes for retrieval: The names of the LDAP attributes to retrieve on a successfully authenticated user.get request.
Custom trust and key store: Custom trust or key store for TLS/SSL LDAP connections.
LdapAuth uses the popular log4j framework. Here are the event types that can be selectively logged (at various levels):
On an HTTP request: method name, client IP, client X.509 certificate principal.
On a JSON-RPC 2.0 request: method name, request parameters (passwords are hidden), response status (success or error code).
DN resolution operation.
LdapAuth, Json2Ldap and LDAP exceptions.
Logging is configured by the
Sample LDAP directory server
A sample LDAP directory server is included in the LdapAuth WAR to enable
evaluation and testing of the service without an external directory. The
sample directory is enabled / disabled and configured through the
Jakarta Servlet API 6.0+