LDAP authentication


Ktor supports LDAP (Lightweight Directory Access Protocol) for credential authentication.

authentication {
    basic("authName") {
        realm = "realm"
        validate { credential ->
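            // `localhost` and `ldapServer` must be defined by the surrounding code;
            // %s in the DN template is replaced with the user name.
            ldapAuthenticate(credential, "ldap://$localhost:${ldapServer.port}", "uid=%s,ou=system")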
        }
    }
}

Optionally you can define an additional validation check:

authentication {
    basic("authName") { 
        realm = "realm"
        validate { credential ->
            ldapAuthenticate(credential, "ldap://localhost:389", "cn=%s,ou=users") {
                // Extra check on the credential; this name/password comparison is only a sample.
                if (it.name == it.password) {
                    UserIdPrincipal(it.name)
                } else {
                    null
                }
            }
        }
    }
}

You can see advanced examples of LDAP authentication in Ktor's tests.

This feature is defined in the package io.ktor.auth.ldap in the artifact io.ktor:ktor-auth-ldap:$ktor_version.
dependencies {
    compile "io.ktor:ktor-auth-ldap:$ktor_version"
}

<project>
    ...
    <dependencies>
        <dependency>
            <groupId>io.ktor</groupId>
            <artifactId>ktor-auth-ldap</artifactId>
            <version>${ktor.version}</version>
        </dependency>
    </dependencies>
</project>

Bear in mind that the current LDAP implementation is synchronous.
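
The following is an added example, not code from the Ktor documentation or code base. It combines the optional validation check with two precautions: refusing empty passwords (a simple bind with an empty password is an unauthenticated bind under RFC 4513, which some servers accept) and running the synchronous LDAP call on `Dispatchers.IO`. The constants, the group DN, the `member` attribute and the user's permission to read the group entry are assumptions about the directory; the imports follow the `io.ktor.auth` package named above.

```kotlin
import io.ktor.application.*
import io.ktor.auth.*
import io.ktor.auth.ldap.*
import javax.naming.directory.SearchControls
import javax.naming.ldap.Rdn
import kotlinx.coroutines.Dispatchers
import kotlinx.coroutines.withContext

// Assumed values for this sketch; adjust them to your directory layout.
const val LDAP_URL = "ldap://localhost:389"
const val USER_DN_FORMAT = "cn=%s,ou=users"
const val REQUIRED_GROUP_DN = "cn=app-users,ou=groups" // hypothetical group entry

fun Application.ldapAuthModule() {
    authentication {
        basic("authName") {
            realm = "realm"
            validate { credential ->
                // Refuse blank names and empty passwords before contacting the server,
                // so an unauthenticated bind can never count as a login.
                if (credential.name.isBlank() || credential.password.isEmpty()) return@validate null
                // The LDAP call blocks, so keep it off the request-handling threads.
                withContext(Dispatchers.IO) {
                    ldapAuthenticate(credential, LDAP_URL, USER_DN_FORMAT) { cred ->
                        // `this` is the directory context; escape the name for use in a DN.
                        val userDn = USER_DN_FORMAT.format(Rdn.escapeValue(cred.name))
                        val controls = SearchControls().apply {
                            searchScope = SearchControls.OBJECT_SCOPE
                            returningAttributes = emptyArray<String>() // existence check only
                        }
                        // {0} is filled in by JNDI with filter escaping applied.
                        val hits = search(REQUIRED_GROUP_DN, "(member={0})", arrayOf<Any>(userDn), controls)
                        try {
                            // Accept the user only if the group entry lists their DN.
                            if (hits.hasMore()) UserIdPrincipal(cred.name) else null
                        } finally {
                            hits.close()
                        }
                    }
                }
            }
        }
    }
}
```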