
LDAP Authentication Advanced
Configuration
An optional string (consumer UUID or username) value to use as an “anonymous” consumer if authentication fails. If empty (default null), the request will fail with an authentication failure 4xx. Note that this value must refer to the consumer id or username attribute, and not its custom_id.
Default:
>= 0 characters
The DN to bind to. Used to perform LDAP search of user. This bind_dn should have permissions to search for the user being authenticated.
This field is referenceable.
The groups required to be present in the LDAP search result for successful authorization. This config parameter works in both AND / OR cases.
- When ["group1 group2"] are in the same array index, both group1 AND group2 need to be present in the LDAP search result.
- When ["group1", "group2"] are in different array indices, either group1 OR group2 needs to be present in the LDAP search result.
An optional string to use as part of the Authorization header. By default, a valid Authorization header looks like this: Authorization: ldap base64(username:password). If header_type is set to “basic”, then the Authorization header would be Authorization: basic base64(username:password). Note that header_type can take any string, not just 'ldap' and 'basic'.
Default: ldap
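The following Python is an added example, not the plugin's own code: it builds and parses the Authorization header for a configurable header_type and evaluates the required-groups list with the AND / OR rule described above. The function names, the case-insensitive scheme match, the exact group-name comparison and the rejection of empty passwords are assumptions of this example.

```python
import base64
import binascii

def build_authorization(username, password, header_type="ldap"):
    """Client side: '<header_type> base64(username:password)'."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode("ascii")
    return f"{header_type} {token}"

def parse_authorization(value, header_type="ldap"):
    """Return (username, password), or None if the header is unusable."""
    parts = value.strip().split(None, 1)
    if len(parts) != 2:
        return None
    scheme, token = parts
    # Assumption: the scheme is compared case-insensitively.
    if scheme.lower() != header_type.lower():
        return None
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # Split on the first colon only, so passwords may contain ':'.
    username, sep, password = decoded.partition(":")
    # An empty password is rejected here: an LDAP simple bind with a name
    # and no password is an unauthenticated bind (RFC 4513), not a login.
    if not sep or not username or not password:
        return None
    return username, password

def groups_satisfied(required, user_groups):
    """OR across array entries, AND across the names inside one entry."""
    if not required:
        return True  # no group requirement configured
    have = set(user_groups)  # assumption: exact, case-sensitive names
    for entry in required:
        names = entry.split()
        # Skip blank entries so an empty string cannot match every user.
        if names and set(names) <= have:
            return True
    return False

if __name__ == "__main__":
    # Constructed sample values, not taken from a real directory.
    hdr = build_authorization("alice", "s3cret")
    print(hdr, parse_authorization(hdr))
    print(groups_satisfied(["group1 group2", "admins"], ["group1", "admins"]))
```

Because names inside one array entry are separated by whitespace, a group whose name itself contains a space cannot be expressed as a single requirement under this rule.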
The password to the LDAP server.
This field is referenceable.
This field is encrypted.
A list of the request protocols that will trigger this plugin. The default value, as well as the possible values allowed on this field, may change depending on the plugin type. For example, plugins that only work in stream mode will only support tcp and tls.
Allowed values: grpc, grpcs, http, https, ws, wss
Default: grpc, grpcs, http, https, ws, wss
If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.