Home / Kong Plugin Hub
Edit
Report

LDAP Authentication Advanced

Overview Examples Configuration reference Changelog
Related Documentation
All Gateway Documentation
Made by
Kong Inc.
Supported Gateway Topologies
hybrid db-less traditional
Supported Konnect Deployments
hybrid cloud-gateways serverless
Compatible Protocols
grpc grpcs http https ws wss
Related Resources
LDAP Authentication
Kong Manager

3.11.0.0

Release date 2025/07/03

Bugfix

  • Fixed an issue that caused browsers to automatically pop up dialog boxes when authentication failed while ldap-auth-advanced was enabled in the Kong Manager.

3.10.0.0

Release date 2025/03/27

Bugfix

  • Fixed an issue where binary string was truncated at the first null character.

3.9.1.2

Release date 2025/07/07

Bugfix

  • Fixed an issue where binary string was truncated at the first null character.

3.8.1.1

Release date 2025/04/10

Bugfix

  • Fixed an issue where binary string was truncated at the first null character.

3.8.0.0

Release date 2024/09/11

Feature

  • Supported decoding an empty sequence or set represented in long form length

Bugfix

  • Added WWW-Authenticate headers to all 401 response.

3.7.1.5

Release date 2025/04/10

Bugfix

  • Fixed an issue where binary string was truncated at the first null character.

3.7.0.0

Release date 2024/05/28

Bugfix

  • fix an issue where if the credential is encoded with no username kong will throw an error and return 500

  • fix an issue where an exception will be thrown when ldap search fails

3.6.1.8

Release date 2024/10/11

Bugfix

  • fix an issue where an exception will be thrown when ldap search fails

3.6.1.0

Release date 2024/02/26

Bugfix

  • fix an issue where if the credential is encoded with no username kong will throw an error and return 500

3.6.0.0

Release date 2024/02/12

Feature

  • support decoding non-standard asn1 integer and enumerated encoded with redundant leading padding

Bugfix

  • fix some cache-related issues which cause groups_required to not work properly and unexpected return codes after a non-200 response

  • support for consumer group scoping by using pdk kong.client.authenticate function

3.5.0.4

Release date 2024/05/20

Feature

  • support decoding non-standard asn1 integer and enumerated encoded with redundant leading padding

Bugfix

  • fix some cache-related issues which cause groups_required to not work properly and unexpected return codes after a non-200 response

  • fix an issue where if the credential is encoded with no username kong will throw an error and return 500

  • support for consumer group scoping by using pdk kong.client.authenticate function

3.4.3.17

Release date 2025/03/26

Bugfix

  • Fixed an issue where binary string was truncated at the first null character.

3.4.3.12

Release date 2024/08/08

Bugfix

  • Fixed an issue where an exception will be thrown when ldap search fails

3.4.3.5

Release date 2024/03/21

Bugfix

  • support for consumer group scoping by using pdk kong.client.authenticate function

3.4.3.4

Release date 2024/02/10

Bugfix

  • fix some cache-related issues which cause groups_required to not work properly and unexpected return codes after a non-200 response

  • fix an issue where if the credential is encoded with no username kong will throw an error and return 500

3.4.3.2

Release date 2023/12/22

Feature

  • support decoding non-standard asn1 integer and enumerated encoded with redundant leading padding

3.3.0.0

Release date 2023/05/19

Bugfix

  • The plugin now performs authentication before authorization, and returns a 403 HTTP code when a user isn’t in the authorized groups.

  • The plugin now supports setting the groups to an empty array when groups are not empty.

3.1.0.0

Release date 2022/12/06

Feature

  • The anonymous field can now be configured as the username of the consumer. This field allows you to configure a string to use as an “anonymous” consumer if authentication fails.

3.0.0.0

Release date 2022/09/09

Feature

  • This plugin now allows authorization based on group membership. The new configuration parameter, groups_required, is an array of string elements that indicates the groups that users must belong to for the request to be authorized.

  • The character . is now allowed in group attributes.

  • The character : is now allowed in the password field.

Bugfix

  • Fixed an issue where Kong Manager LDAP authentication failed when base_dn was the domain root.

Breaking Change

  • Updated the priority for some plugins.: ldap-auth-advanced changed from 1002 to 1200

2.8.4.8

Release date 2024/03/26

Bugfix

  • fix some cache-related issues which cause groups_required to not work properly and unexpected return codes after a non-200 response

2.8.2.1

Release date 2022/11/21

Bugfix

  • Fixed an issue where operational attributes referenced by group_member_attribute weren’t returned in search query results.

2.8.2.0

Release date 2022/10/12

Bugfix

  • The characters . and : are now allowed in group attributes.

2.8.1.0

Release date 2022/04/07

Bugfix

  • Support passwords that contain a : character

2.8.0.0

Release date 2022/03/02

Feature

  • Beta feature: The ldap_password and bind_dn configuration fields are now marked as referenceable, which means they can be securely stored assecretsin a vault. References must follow a specific format.

Did this doc help?

Something wrong?
Report an Issue | Edit this Page

Help us make these docs great!

Kong Developer docs are open source. If you find these useful and want to make them better, contribute today!
Contribute

Still need help

Ask in our Forum
Contact Support