Tutorial 2: Federation with LDAP
If you are in an enterprise environment, chances are that you already have some sort of an LDAP server, or are planning to use one. Since the LDAP server will hold the identities of the internal users, you can make AuthGuard use it instead of requiring users to sign up.
Prerequisites
Make sure that you have already followed the instructions on how to build an AuthGuard distribution. The LDAP module is not currently included in standard distributions.
Follow the guideline for the server setup.
Scenario
Our scenario is pretty straightforward:
- Users are already added to an LDAP server
- A user can go to your website and application and log in using their LDAP credentials
- AuthGuard will authenticate the users against the LDAP server and then generate whatever token it is configured to generate, just like a normal authentication step
Test Setup
For the purpose of this tutorial, we will run a test LDAP server as a container. The image we are going to use is bitnami/openldap:2 since it makes it easier to bootstrap accounts.
By default, the admin will be available using CN=admin,DC=example,DC=org, and users will be under dc=example,dc=org.
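A Compose file for the test server described above, as an added example that is not part of the original tutorial. The account names, passwords and the loopback-only port binding are assumptions made here; the environment variables are the ones the bitnami/openldap image documents.

```yaml
# docker-compose.yml - throwaway LDAP directory for this tutorial (added example).
# Every account name and password below is a constructed test value.
services:
  openldap:
    image: bitnami/openldap:2
    environment:
      # Base DN of the directory; the admin becomes cn=admin,dc=example,dc=org.
      LDAP_ROOT: dc=example,dc=org
      LDAP_ADMIN_USERNAME: admin
      LDAP_ADMIN_PASSWORD: test-admin-password
      # Accounts bootstrapped at first start, paired by position with
      # LDAP_PASSWORDS. The image creates them under ou=users beneath the
      # base DN, e.g. cn=alice,ou=users,dc=example,dc=org.
      LDAP_USERS: alice,bob
      LDAP_PASSWORDS: test-alice-password,test-bob-password
    ports:
      # The image listens on the unprivileged port 1389. Publishing it on
      # loopback only keeps a directory with known test passwords off the
      # network; AuthGuard on the same host reaches it at localhost:1389.
      - "127.0.0.1:1389:1389"
```

Port 1389 carries plain LDAP, so bind passwords cross it unencrypted; that is acceptable for a loopback test instance only.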
AuthGuard Configuration
The configuration is the same as any regular AuthGuard distribution but with the LDAP section added, and the new exchanges allowed.
Login
The /auth/authenticate endpoint cannot be used in this case, so a call to /auth/exchange?from=ldap&to=accessToken is necessary. You can replace accessToken with any of the supported token types.