LDAP Authentication Plugin

The LDAP Authentication plugin adds LDAP Bind Authentication to your APIs, with username and password protection. Give it a try and discuss it here!

LDAP Authentication plugin documentation

I am looking for some help setting up LDAP plugin. I set up a local LDAP server and whilst I can confirm a valid account with ldapsearch, using those same settings on the kong plugin always results in “Invalid authentication details”. so my first specific question is - where does the LDAP plugin log to? I cannot find any entries in the nginx logs or in the kong log .

1 Like

where does the LDAP plugin log to?

Hi! The ldap-auth plugin logs to the nginx logs as usual (look for [ldap-auth] in the logs). You may also want to raise the log_level in kong.conf to “debug” for troubleshooting, in that case it should log all authentication attempts.

Kindly mention the steps to configure ldap auth plugin.
I am stuck, not able to implement

Sharing the same issue with the ldap auth plugin : I can play successfully many ldapsearch commands using the same parameters than the one I give to the plugin, but protecting a route with ldap-auth systematically returns
“message”: “Invalid authentication credentials”
Nothing in kong logs except :
2019/03/24 17:27:45 [error] 36#0: *597859 [kong] access.lua:88 [ldap-auth]
Error: The supplied credential is invalid.
Details: , client:, server: kong, request: “GET /joiningUsers HTTP/1.1”, host: “localhost:8000” - - [24/Mar/2019:17:27:45 +0000] “GET /joiningUsers HTTP/1.1” 403 48 “-” “PostmanRuntime/7.6.1”
I am also not able to see anything going to the LDAP server…
Any help would be appreciated starting from information on how to get more meaningful logs…
Best regards

I am done with LDAP authentication.
As you can see in attached screen shot.

Just add the api in kong, On the LDAP plugin and Send a authorization header as shown in Image.
Authorization header is consist of username and password in base64(username:password) encrypted format.

@sunny_choudhary Hello!

Can you help me to configure my plugin?

I am try with the configs below:

“id”: “405344ad-3bf45-4458-8444-782c17f490b3”,
“consumer”: null,
“config”: {
“cache_ttl”: 60,
“start_tls”: false,
“ldap_host”: “HOST IP”,
“ldap_port”: 389,
“verify_ldap_host”: false,
“anonymous”: null,
“timeout”: 10000,
“keepalive”: 60000,
“header_type”: “ldap”,
“attribute”: “UID”,
“base_dn”: “dc=devdom,dc=intra”,
“hide_credentials”: true,
“ldaps”: false
“name”: “ldap-auth”,
“enabled”: true,
“created_at”: 1632434421,
“protocols”: [
“service”: null,
“route”: {
“id”: “7ffb2f2a-3798-437a-8ss63-e344369a898”
“tags”: null

But I receveid same erro: “message”: “Invalid authentication credentials”

1 Like

It not working in our system too!!
Are there any problem with LDAP Plugin?? with attribute: sAMAccountName