LDAP Authentication Plugin

Use the LDAP authentication plugin when you need to consult a Windows Active Directory or any LDAP-based user directory.

Configuration

You will need to gather some details about your LDAP configuration, such as the search filter and attributes. You will also need the CA certificate for securing the TLS session with the LDAP server.

For a Windows AD backend, an example configuration for the corp.example.com domain would be:

plugin:
  auth_ldap:
    enable: true
    ca_cert: ldap_ca.crt
    url: ldaps://Administrator:password@ad.corp.example.com/dc=corp,dc=example,dc=com
    filter: (&(objectClass=organizationalPerson)&(uid=%s))
    attributes: dn,givenName,sn,cn

The url should be specified as an LDAP URL, but no advanced operators are supported.

In the LDAP filter, %s is replaced by the VPN username. Any returned LDAP attributes are made available to other VPN plugins.

LDAP Authentication Plugin


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.