Kong authentication ldap + session + upstream api

Hi fellows,

We are using LDAP in our organisation and as of now all the upstream services handle ldap integration and user access management.

But looks like these responsibilities can be easily delegated to Kong. But I am unable to find any document on how session will be maintained in kong for subsequent request?

So first time, user send credentials and kong authenticate it via our ldap server. But how the subsequent requests will be handled? Do we have to send credentials with every request? Or we have some out of box option of ldap + session/cookie/jwt kind of integration?

Secondly, can kong pass the user groups retrieved from ldap to upstream services?

Thanks for any help :slight_smile: