I am using Kong over Kubernetes.
I have tried to use the LDAP AUTH with this configuration:
```
{
  "id": "93dsd0bfa-g851-4953-abdkje54-b7461545S806",
  "name": "ldap-auth",
  "enabled": true,
  "created_at": 1479514353000,
  "config": {
    "attribute": "sAMAccountName",
    "cache_ttl": 60,
    "timeout": 10000,
    "start_tls": false,
    "hide_credentials": false,
    "ldap_host": "@IP of my ldap",
    "base_dn": "dc=dev,dc=com",
    "ldap_port": 389,
    "keepalive": 60000,
    "verify_ldap_host": false
  }
}
```
However, with the attribute 'sAMAccountName' the connection doesn't work properly.
When I configure my Authorization header with base64(samaccountname:password),
Kong says that my credentials are invalid and returns an error in the logs:
```
AcceptSecurityContext error , data 52e , v3839
```
But the LDAP plugin works well with a CN attribute and the proper Base DN.
Related topics: (NOT FIXED YET)
opened 07:14AM - 15 Nov 16 UTC
closed 03:35AM - 12 Jan 19 UTC
### Summary
LDAP plugin response 200 OK only with admin credentials
### Steps To Reproduce
1. Installed LDAP plugin on kong with the following setup:
```
name:ldap-auth
config.hide_credentials:false
config.ldap_host:192.168.100.135
config.ldap_port:389
config.base_dn:dc=company,dc=net
config.attribute:cn
config.cache_ttl:3600
config.start_tls:false
```
2. Run LDAP locally (it's a docker container)
3. Create 'admin' user with password '1234' during the installation
4. Create ou (organization unit) = users
5. Create cn for a user in the ou - let's call it 'test' with password '1234'
6. Try to auth a request with kong with user 'admin': it will respond 200 OK
7. Try to auth a request with user 'test': it will respond 403 Forbidden
### Additional Details & Logs
- Kong version (0.9)
- Access log
```
172.17.0.1 - - [14/Nov/2016:18:15:39 +0000] "GET /cybereye HTTP/1.1" 200 1054 "-" "PostmanRuntime/3.0.1"
172.17.0.1 - - [14/Nov/2016:18:23:04 +0000] "GET /cybereye HTTP/1.1" 403 60 "-" "PostmanRuntime/3.0.1"
```
- Kong error logs
``` no errors ```
- Kong configuration (registered APIs/Plugins & configuration file)
```LDAP Plugin```
- Operating System
```Dockerized```
Hello, I am trying to set the ldap-auth plugin to be on all apis.
My configuration for this plugin is:
```
curl -X POST http://localhost:8001/plugins/ \
  --data "name=ldap-auth" \
  --data "config.hide_credentials=false" \
  --data "config.ldap_host=10.180.20.1" \
  --data "config.ldap_port=389" \
  --data "config.base_dn=OU=Employees,OU=COMPANY-USERS,DC=test,DC=com" \
  --data "config.attribute=cn" \
  --data "config.cache_ttl=60"
```
I consume the api using
curl -H "Authorization: LDAP <base64(cn:password)>" http://lo…
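
A diagnostic sketch for the configurations quoted above, added here as an example; it is not part of any of the posts and is not Kong's code. It assumes the plugin performs a simple bind with a DN built as `<attribute>=<username>,<base_dn>`, and compares that DN with where the user entry actually lives; the entry DNs and the `jdoe` user are constructed for illustration.

```python
import base64
import re

# Sub-codes Active Directory reports in the "data" field of a failed bind.
AD_BIND_CODES = {
    "525": "user not found", "52e": "invalid credentials",
    "530": "logon not permitted at this time", "532": "password expired",
    "533": "account disabled", "701": "account expired",
    "773": "user must reset password", "775": "account locked out",
}

def bind_dn(attribute, username, base_dn):
    # Assumption: the plugin binds as <attribute>=<username>,<base_dn>.
    return f"{attribute}={username},{base_dn}"

def ldap_auth_header(username, password):
    # Header value in the form the posts use: LDAP base64(user:password).
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return f"LDAP {token}"

def explain_ad_error(log_line):
    # Pull the hex sub-code out of an "AcceptSecurityContext error" line.
    m = re.search(r"AcceptSecurityContext error\s*,\s*data\s+([0-9a-fA-F]+)", log_line)
    if not m:
        return None
    code = m.group(1).lower()
    return code, AD_BIND_CODES.get(code, "unknown sub-code")

def _norm(dn):
    # Naive comparison form; adequate for the constructed DNs below
    # (does not handle escaped commas).
    return ",".join(part.strip().lower() for part in dn.split(","))

def bind_matches_entry(attribute, username, base_dn, entry_dn):
    # True when the DN sent in the bind is the entry's actual DN.
    return _norm(bind_dn(attribute, username, base_dn)) == _norm(entry_dn)

# Constructed cases: configs from the posts, entry DNs assumed.
CASES = [
    ("cn", "admin", "dc=company,dc=net", "cn=admin,dc=company,dc=net"),
    ("cn", "test", "dc=company,dc=net", "cn=test,ou=users,dc=company,dc=net"),
    ("sAMAccountName", "jdoe", "dc=dev,dc=com", "CN=Jane Doe,OU=Staff,DC=dev,DC=com"),
]

if __name__ == "__main__":
    for attr, user, base, entry in CASES:
        ok = bind_matches_entry(attr, user, base, entry)
        print(f"{bind_dn(attr, user, base):45} entry={entry:40} match={ok}")
    print(explain_ad_error("AcceptSecurityContext error , data 52e , v3839"))
```

The first two configurations on this page set `start_tls` to false on port 389, so the simple bind carries the password unencrypted between Kong and the directory.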