Link Consumer to LDAP authenticated API

Hi there.

I would like to link a consumer to an API that is authenticated with LDAP. Not sure if I am going about this the wrong way - but I would have expected to see LDAP as one of the Auth options when I edit a Consumer, but I can't.

How should I do this?

PS: So I have successfully configured the LDAP plugin and it works fine - but I would need to “link” the username (X-Credential-Username) header to a defined Consumer so I can add additional info and authorization settings.

Hi otrsw-

The LDAP plugin can’t be applied only to a certain consumer. It can only be applied globally, or on a specific API.

Can you please clarify what you mean by

"“link” the username (X-Credential-Username) header to a defined Consumer"

Thanks

Hi there

Thanks for the feedback. Let me use an example:

Let's say there is a global LDAP account for entity ABC.

I want to define a consumer ABC in Kong as well, and that consumer info and properties should be passed on in the header to the downstream APIs. Specifically, I want to add a JWT token defined for ABC in Kong.

Heinz Seldte
ONTHEROCK Software
0716043605
heinz@otrsw.com


Cool, thanks for the additional info.

I don’t believe that would be possible with just the LDAP plugin alone (still need to do some testing before I can say that with confidence), but could you add in the Response Transformer plugin to add those fields in?

I am considering implementing the same process.
I am thinking I need to design a login server accessed as an API in Kong. The login service would be protected by the Kong LDAP plugin. When a request successfully gets to the login server it would use the Kong admin API to check if the consumer exists and create it if necessary. It would also add a JWT credential to the consumer and return this to the client. That way the client can use the JWT credential to access other APIs.

I still have to find out how the JWT token expiry process will work. I think my clients will need to re-login. Not sure if Kong JWT tokens have expiry.

I also need to research to find out if this functionality is already built into Kong. (If not, it would be nice to have.)
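
The login-service flow described in the last post, as an added example that is not part of the thread and not Kong's own code: look up the consumer named in `X-Credential-Username`, create it on first login, reuse or create one JWT credential, and sign a short-lived HS256 token whose `iss` is the credential key. The `admin` wrapper, `issue_token`, `FakeAdmin`, the demo key and secret, and the 15-minute lifetime are assumptions made for illustration; the `/consumers` and `/consumers/{username}/jwt` paths are Kong Admin API endpoints, and Kong rejects expired tokens only when the JWT plugin's `config.claims_to_verify` includes `exp`.

```python
import base64, hashlib, hmac, json, time
from urllib.parse import quote

def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign_hs256(claims: dict, secret: str) -> str:
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    mac = hmac.new(secret.encode(), f"{head}.{body}".encode(), hashlib.sha256)
    return f"{head}.{body}.{b64url(mac.digest())}"

def issue_token(admin, ldap_user: str, ttl: int = 900, now=None) -> str:
    """admin(method, path, body) -> (status, json) is an assumed wrapper for Admin API calls."""
    now = int(time.time() if now is None else now)
    base = "/consumers/" + quote(ldap_user, safe="")  # header value ends up in a URL path
    status, _ = admin("GET", base, None)
    if status == 404:  # first login for this LDAP user: create the consumer
        status, _ = admin("POST", "/consumers", {"username": ldap_user})
    if status not in (200, 201):
        raise RuntimeError(f"consumer lookup/create failed: {status}")
    status, listing = admin("GET", base + "/jwt", None)
    if status == 200 and listing.get("data"):  # reuse instead of piling up credentials
        cred = listing["data"][0]
    else:
        status, cred = admin("POST", base + "/jwt", {"algorithm": "HS256"})
        if status != 201:
            raise RuntimeError(f"credential create failed: {status}")
    # Kong's JWT plugin matches `iss` to the credential key; `exp` bounds the lifetime.
    claims = {"iss": cred["key"], "sub": ldap_user, "iat": now, "exp": now + ttl}
    return sign_hs256(claims, cred["secret"])

class FakeAdmin:
    """Constructed in-memory stand-in for the Admin API so the example runs offline."""
    def __init__(self):
        self.consumers = {}
    def __call__(self, method, path, body):
        parts = path.strip("/").split("/")
        if method == "POST" and len(parts) == 1:
            self.consumers[quote(body["username"], safe="")] = []
            return 201, {"username": body["username"]}
        if parts[1] not in self.consumers:
            return 404, {}
        creds = self.consumers[parts[1]]
        if method == "POST":
            creds.append({"key": "demo-key", "secret": "demo-secret"})
            return 201, creds[-1]
        return 200, {"data": creds}
```

In a deployment the wrapper should reach the Admin API over a private interface only, and the login service should accept `X-Credential-Username` only on requests that arrived through Kong.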