LDAP
LDAP is a protocol for working with various directory services that can store information about users. Ktor allows you to authenticate LDAP users using the basic, digest, or form-based authentication schemes.
Add dependencies
To enable LDAP authentication, you need to include the ktor-server-auth and ktor-server-auth-ldap artifacts in the build script.
Configure LDAP
Step 1: Choose an authentication provider
To authenticate LDAP users, you first need to choose an authentication provider for username and password validation. In Ktor, the basic, digest, or form-based providers can be used for this. For example, to use the basic authentication provider, call the basic function inside the install block.
The validate function will be used to check user credentials.
Step 2: Authenticate an LDAP user
To authenticate an LDAP user, you need to call the ldapAuthenticate function. This function accepts UserPasswordCredential and validates it against a specified LDAP server.
The validate function returns a UserIdPrincipal in the case of successful authentication or null if authentication fails.
Optionally, you can add additional validation for an authenticated user.
Step 3: Protect specific resources
After configuring LDAP, you can protect specific resources in your application using the authenticate function. In the case of successful authentication, you can retrieve the authenticated UserIdPrincipal inside a route handler using the call.principal function and get the name of the authenticated user.
You can find the complete runnable example here: auth-ldap.
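The three steps above, put together as an added example (not the code from the Ktor documentation or the auth-ldap sample). The server URL, the DN format, the allow-list, the realm name and the empty-password guard are assumptions made for illustration.

```kotlin
import io.ktor.server.application.*
import io.ktor.server.auth.*
import io.ktor.server.auth.ldap.*
import io.ktor.server.response.*
import io.ktor.server.routing.*

// Placeholder values (assumptions): replace with your directory's URL and DN layout.
// ldaps:// keeps the bind password from crossing the network in cleartext.
private const val LDAP_URL = "ldaps://ldap.example.com:636"
private const val USER_DN_FORMAT = "uid=%s,ou=people,dc=example,dc=com"

// Hypothetical allow-list used for the optional additional validation.
private val allowedUsers = setOf("alice", "bob")

fun Application.module() {
    // Step 1: the basic provider collects the username and password.
    install(Authentication) {
        basic("auth-ldap") {
            realm = "ldap-protected"
            validate { credentials ->
                // A simple bind with an empty password is an "unauthenticated
                // bind" (RFC 4513), which some servers accept; refuse it up front.
                if (credentials.name.isBlank() || credentials.password.isEmpty()) {
                    null
                } else {
                    // Step 2: validate against the LDAP server; null means failure.
                    ldapAuthenticate(credentials, LDAP_URL, USER_DN_FORMAT) { cred ->
                        // Optional additional validation after a successful bind.
                        if (cred.name in allowedUsers) UserIdPrincipal(cred.name) else null
                    }
                }
            }
        }
    }
    // Step 3: only authenticated callers reach the handler.
    routing {
        authenticate("auth-ldap") {
            get("/") {
                val user = call.principal<UserIdPrincipal>()?.name
                call.respondText("Hello, $user!")
            }
        }
    }
}
```

With the basic provider the password travels in every request header, so the application itself should be served over HTTPS as well.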