yammer / dropwizard-auth-ldap

Dropwizard Authentication Module for LDAP using JNDI.
Apache License 2.0

LDAP Authenticator

This is a simple dropwizard-auth module using Basic-Auth + LDAP for authentication. It is the module that internal tools at Yammer used to authenticate users.

Note: This module has only been subjected to the traffic of our engineering team. We have not used it to authenticate high traffic, nor have we tuned the JNDI connection pool for it.

Maven

<dependency>
    <groupId>com.yammer.dropwizard</groupId>
    <artifactId>dropwizard-auth-ldap</artifactId>
    <version>1.0.4</version>
</dependency>

Legacy Dropwizard Support

0.0.x releases will contain bug/security updates. 0.1.x and beyond will support Dropwizard 0.7+.

How To Use

LdapConfiguration configuration = new LdapConfiguration();
LdapAuthenticator authenticator = new LdapAuthenticator(configuration);
authenticator.authenticate(new BasicCredentials("user", "password"));

Add it to your Service

I assume you are already familiar with dropwizard's authentication module. You can find more information about dropwizard authentication at http://www.dropwizard.io/manual/auth.html

Here is an example of how to add LdapAuthenticator to your service, wrapped in a CachingAuthenticator:

@Override
public void run(ExampleAppConfiguration configuration, Environment environment) throws Exception {
      final LdapConfiguration ldapConfiguration = configuration.getLdapConfiguration();

      Authenticator<BasicCredentials, User> ldapAuthenticator = new CachingAuthenticator<>(
              environment.metrics(),
              new ResourceAuthenticator(new LdapAuthenticator(ldapConfiguration)),
              ldapConfiguration.getCachePolicy());

      environment.jersey().register(new AuthDynamicFeature(
              new BasicCredentialAuthFilter.Builder<User>()
                      .setAuthenticator(ldapAuthenticator)
                      .setRealm("LDAP")
                      .buildAuthFilter()));

      environment.jersey().register(new AuthValueFactoryProvider.Binder<>(User.class));

      environment.healthChecks().register("ldap", new LdapHealthCheck<>(
              new ResourceAuthenticator(new LdapCanAuthenticate(ldapConfiguration))));
}

https://github.com/yammer/dropwizard-auth-ldap/blob/master/src/test/java/com/yammer/dropwizard/authenticator/tests/ExampleAppTest.java

Additional Notes

Make sure to register your resources. Example:

environment.jersey().register(new YourResource());

Configuration

uri: ldaps://myldap.com:636
cachePolicy: maximumSize=10000, expireAfterWrite=10m
userFilter: ou=people,dc=yourcompany,dc=com
groupFilter: ou=groups,dc=yourcompany,dc=com
userNameAttribute: cn
groupNameAttribute: cn
groupMembershipAttribute: memberUid
groupClassName: posixGroup
restrictToGroups:
    - user
    - admin
    - bots
connectTimeout: 500ms
readTimeout: 500ms
negotiateTls: strict
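
To show how these settings relate to a JNDI simple bind, here is an added illustration; it is not code from this module. It assumes the bind DN is formed as userNameAttribute=username,userFilter, and the class name LdapBindSketch and its methods are hypothetical.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.Rdn;

// Added illustration, not the module's source. Constants are the sample config values.
public class LdapBindSketch {
    static final String URI = "ldaps://myldap.com:636";
    static final String USER_FILTER = "ou=people,dc=yourcompany,dc=com";
    static final String USER_NAME_ATTRIBUTE = "cn";

    // Assumed DN layout: <userNameAttribute>=<username>,<userFilter>.
    // Rdn.escapeValue escapes DN metacharacters so the username stays one RDN value.
    static String bindDn(String username) {
        return USER_NAME_ATTRIBUTE + "=" + Rdn.escapeValue(username) + "," + USER_FILTER;
    }

    static boolean canBind(String username, String password) throws NamingException {
        // An empty password turns a simple bind into an unauthenticated bind (RFC 4513),
        // which some servers accept, so reject it before connecting.
        if (username == null || username.isEmpty() || password == null || password.isEmpty()) {
            return false;
        }
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URI);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn(username));
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put("com.sun.jndi.ldap.connect.timeout", "500"); // connectTimeout: 500ms
        env.put("com.sun.jndi.ldap.read.timeout", "500");    // readTimeout: 500ms
        try {
            new InitialDirContext(env).close(); // the bind is performed on construction
            return true;
        } catch (AuthenticationException e) {
            return false; // bad credentials; timeouts and TLS failures propagate
        }
    }

    public static void main(String[] args) throws NamingException {
        System.out.println(bindDn("smith, john"));  // constructed sample username
        System.out.println(canBind("user", ""));    // rejected without contacting the server
    }
}
```

Only AuthenticationException is treated as a failed login here; connection and TLS errors are left to propagate so that an unreachable directory is not mistaken for bad credentials.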

CHANGELOG

Check the Changelog for detailed updates.

Bugs and Feedback

For bugs, questions, and discussions, please use GitHub Issues.