quarkusio / quarkus-quickstarts

Quarkus quickstart code
https://quarkus.io
Apache License 2.0

Can provide example for Quarkus Security with LDAP with configuration explanation #732

Open Manish123chandel opened 3 years ago

Manish123chandel commented 3 years ago

Hi Team,

I'm trying to secure the endpoints via LDAP security, i.e. if someone tries to access the endpoint then it should authenticate the username with the LDAP server, and only if it is authenticated is it able to access the endpoint.

Can you please provide the documents for this? If they are already available then please provide them to me, because the existing doc "Security with LDAP" is not enough to understand.

Manish123chandel commented 3 years ago

I tried with the configuration and am getting the errors below.

[Image: MicrosoftTeams-image (1)]

rafamqrs commented 3 years ago

Hi @Manish123chandel, did you try this doc? https://quarkus.io/guides/security-ldap

LinoMDS commented 3 years ago

Hi @rafamqrs, I've looked at the doc above, but it doesn't explain how to secure only a few endpoints with LDAP. Is it possible to have LDAP for only one endpoint and the rest of the application with SmallRye JWT, for example? If so, how can I specify the endpoint that is to be secured with LDAP? Also, can the LDAP be overridden in order to send the user password from user input instead of reading it from properties?

mbench777 commented 2 years ago

Having a similar issue. I need to configure LDAP only for the login endpoint (where the frontend sends username & password parameters); once the user is authenticated with LDAP, a JWT token will be generated and used to access the other endpoints. If anyone has already done this, I will be glad to hear from him.

mecsafonso commented 2 years ago

@mbench777 You solved it?

rutuls commented 1 year ago

> Having a similar issue. I need to configure LDAP only for the login endpoint (where the frontend sends username & password parameters); once the user is authenticated with LDAP, a JWT token will be generated and used to access the other endpoints. If anyone has already done this, I will be glad to hear from him.

Did you get any solution on this? I am looking to develop login and logout APIs based on LDAP AD credentials. Cannot find anything meaningful in the Quarkus documents.

DaniGalicia commented 11 months ago

This is my workaround. Create another Quarkus app that uses LDAP with just one auth endpoint.

My first app calls this endpoint and sends credentials through rest-client to verify authentication. If it's successful, then I generate the JWT.

View -> app1 -> app2 -> LDAP server
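The app1 side of the workaround above, as an added example (not code posted in this thread and not from the Quarkus project). It assumes app2 protects a single `GET /auth` with HTTP Basic backed by LDAP and returns the caller's roles as a JSON array; `LdapAuthClient`, `LoginResource`, the paths, the `ldap-auth` config key and the issuer URL are hypothetical names.

```java
// Added example for app1: two source files shown together, imports listed once.
// Assumes Quarkus 3, a REST client extension with Jackson, quarkus-smallrye-jwt-build,
// quarkus.rest-client.ldap-auth.url=<app2 over TLS> and smallrye.jwt.sign.key.location set.
import io.smallrye.jwt.build.Jwt;
import jakarta.annotation.security.PermitAll;
import jakarta.ws.rs.*;
import jakarta.ws.rs.core.MediaType;
import jakarta.ws.rs.core.Response;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Set;
import org.eclipse.microprofile.rest.client.inject.RegisterRestClient;
import org.eclipse.microprofile.rest.client.inject.RestClient;

// LdapAuthClient.java: hypothetical client for app2's only endpoint.
// app2 answers 200 plus the user's roles after a successful LDAP bind, 401 otherwise.
@RegisterRestClient(configKey = "ldap-auth")
@Path("/auth")
public interface LdapAuthClient {
    @GET
    Set<String> verify(@HeaderParam("Authorization") String basicHeader);
}

// LoginResource.java: the only endpoint in app1 that accepts a password.
@Path("/login")
public class LoginResource {
    @RestClient LdapAuthClient ldapAuth;

    @POST
    @PermitAll
    @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
    public Response login(@FormParam("username") String user, @FormParam("password") String pass) {
        // An empty password can turn an LDAP simple bind into an anonymous bind; ':' breaks Basic.
        if (user == null || pass == null || user.isBlank() || pass.isEmpty() || user.contains(":")) {
            return Response.status(Response.Status.UNAUTHORIZED).build();
        }
        String basic = "Basic " + Base64.getEncoder()
                .encodeToString((user + ":" + pass).getBytes(StandardCharsets.UTF_8));
        Set<String> roles;
        try {
            roles = ldapAuth.verify(basic); // app2 performs the LDAP authentication
        } catch (WebApplicationException e) {
            return Response.status(Response.Status.UNAUTHORIZED).build(); // same answer for every failure
        }
        // Short-lived token (900 s); the other endpoints in app1 verify it with smallrye-jwt.
        String token = Jwt.issuer("https://app1.example").upn(user).groups(roles)
                .expiresIn(900).sign();
        return Response.ok(token).build();
    }
}
```

The password never reaches a log line or the token, and app2 should be reachable only from app1 so the Basic endpoint is not exposed to end users.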

idefixcert commented 10 months ago

Isn't that exactly what you are searching for? https://quarkus.io/guides/security-oidc-code-flow-authentication By using Keycloak as an OIDC provider you can connect to Keycloak. And Keycloak can interact with LDAP.