Web API microservice with only one purpose:
Make LDAP auth integration simpler.
Please read the simple MIT license.
- Dotnet 8
- FastEndpoints
- Swagger
- Docker
Use the packages below for client integration with the service API
Use docker compose to set up the container with ease.
Sure, you can also do a manual installation with dotnet-runtime.
cd ./src/presentation/KutCode.Security.Ldap.WebApi
docker build -t ldap .
docker run -d -p 8080:8080 -v ./appsettings:/app/appsettings -v ./logs:/app/logs -e ASPNETCORE_URLS=http://+:80 ldap
Edit the docker-compose.yml file:
services:
  webapi:
    #image: registry.domain.local/ldap
    build:
      # set path to source code project directory
      context: src/presentation/KutCode.Security.Ldap.WebApi
    ports:
      - 9080:8080
    environment:
      ASPNETCORE_ENVIRONMENT: Production
      ListenPort: 8080 ## not required, 8080 by default
    volumes:
      - ./appsettings:/app/appsettings
      - ./logs:/app/logs
Execute from the solution root directory:
docker compose up -d
To check the installation, open in a browser:
http://localhost:[your port]/swagger
OR
curl http://[ip]:[port]/swagger -v
In the application root /appsettings directory, create an appsettings.json file with the following content:
{
  "Culture": "en",
  "ListenPort": 80,
  "Ldap": {
    "Server": "dc01.examplpe.local",
    "ServerPort": 389,
    "DomainName": "examplpe.local",
    "BaseLdapFilter": "DC=examplpe,DC=local",
    "AdditionalLdapFilter": "&(objectClass=user)(objectClass=person)",
    "LoginAttribute": "sAMAccountName",
    "DisplayNameAttribute": "displayName",
    "UseSsl": false,
    "ServiceAccount": {
      "Username": "domain-login",
      "Password": "password"
    }
  },
  "Rpc": {
    "Enabled": false,
    "Port": 9081,
    "Secure": false
  },
  "Cors": {
    "Origins": [
      "localhost", "some-one-else.com"
    ]
  }
}
Here is some information about these settings:
- Culture - language of validation messages
- ListenPort - port to listen on, for webApi only
- Ldap
  - Server - LDAP server name or ip-address
  - ServerPort - LDAP server port, 389 is the default non-ssl LDAP port
  - DomainName - domain name of the LDAP instance
  - BaseLdapFilter - LDAP base filter for user search
  - AdditionalLdapFilter - LDAP additional filter for user search
  - LoginAttribute - LDAP login attribute
  - DisplayNameAttribute - LDAP display name attribute
  - EmailAttribute - LDAP email attribute
  - UseSsl - whether the LDAP connection should use ssl
  - ServiceAccount - account used to load domain users (don't forget about the account's domain read permissions)
    - Username - domain account username
    - Password - domain account password
- Rpc - gRPC settings
  - Enabled - whether the application will accept gRPC connections
  - Port - port for HTTP2 connections (because gRPC works over HTTP2); do not set the same port that the Web API uses if connections will not be secured with TLS
  - Secure - whether the application will accept secured connections (allows using the HTTP API and gRPC on the same port)
- Cors
  - Origins - list of allowed origins; use localhost by default, and add some custom origins if the application has access to a browser url
After launching the application, you can access the web API from the browser using Swagger UI:
http://localhost:[your port]/swagger
Here is a description of the methods:
- GET: /api/v1/ping - check if the service is up
- POST: /api/v1/auth - authenticate a user with LDAP by login/password
- GET: /api/v1/objects/users - get all domain users (may take a long time to load, based on domain size)
JSON request body:
{
  "login": "example_user", // user Domain login
  "password": "example_password" // user Domain password
}
JSON response:
{
  "status": "OK",
  "code": 200,
  "value": {
    "authorized": true, // whether the user was authorized successfully
    "userData": {
      "userId": "1.3.3.2.2.1.4554.1.22.3", // LDAP unique identity
      "userDistinguishedName": "CN=Example User,OU=Some group,OU=Users,DC=somedomain,DC=local",
      "userDisplayName": "Example User",
      "memberOfGroups": [ // the names of the groups that the user is a member of
        "some_groups"
      ]
    }
  }
}
TypeScript model:
export interface LdapAuthResponse {
  status: string
  code: number
  value: AuthResult | null
}
export interface AuthResult {
  authorized: boolean
  userData: UserData
}
export interface UserData {
  userId: string
  userDistinguishedName: string
  userDisplayName: string
  memberOfGroups: string[]
}
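The TypeScript model above only describes the response at compile time, so a client should still check the body of POST /api/v1/auth at runtime and deny on anything unexpected. The following is an added example, not part of this project's code: the names verifiedUser, loginAllowed and allowedGroups are hypothetical, the sample bodies are constructed, and the case-insensitive group match is an assumption.

```typescript
// Shape of value.userData as documented in the JSON response above.
interface LdapUser {
  userId: string;
  userDistinguishedName: string;
  userDisplayName: string;
  memberOfGroups: string[];
}

const isStr = (v: unknown): v is string => typeof v === "string" && v.length > 0;
const isObj = (v: unknown): v is Record<string, unknown> =>
  typeof v === "object" && v !== null && !Array.isArray(v);

// Returns the user only for a well-formed success body. Everything else
// (bad JSON, value: null, authorized: false, wrong types) is a denial.
function verifiedUser(rawBody: string): LdapUser | null {
  let body: unknown;
  try { body = JSON.parse(rawBody); } catch { return null; }
  if (!isObj(body)) return null;
  const { code, value } = body;
  if (code !== 200 || !isObj(value)) return null;
  const { authorized, userData } = value;
  // Strict check: "true", 1 or a missing field must not count as authorized.
  if (authorized !== true || !isObj(userData)) return null;
  const { userId, userDistinguishedName: dn, userDisplayName: display, memberOfGroups: groups } = userData;
  if (!isStr(userId) || !isStr(dn) || typeof display !== "string") return null;
  if (!Array.isArray(groups) || !groups.every(isStr)) return null;
  return { userId, userDistinguishedName: dn, userDisplayName: display, memberOfGroups: groups };
}

// Authorization on top of authentication: the user must be in an allow-listed
// group. Case-insensitive matching is an assumption about the directory's names.
function loginAllowed(rawBody: string, allowedGroups: string[]): LdapUser | null {
  const user = verifiedUser(rawBody);
  if (user === null) return null;
  const wanted = allowedGroups.map((g) => g.toLowerCase());
  const hit = user.memberOfGroups.some((g) => wanted.indexOf(g.toLowerCase()) !== -1);
  return hit ? user : null;
}

// Constructed sample bodies (not captured from a real service).
const SAMPLE_USER = {
  userId: "1.3.3.2.2.1.4554.1.22.3",
  userDistinguishedName: "CN=Example User,OU=Users,DC=somedomain,DC=local",
  userDisplayName: "Example User",
  memberOfGroups: ["some_groups"],
};
const SAMPLE_OK = JSON.stringify({ status: "OK", code: 200, value: { authorized: true, userData: SAMPLE_USER } });
const SAMPLE_STRING_TRUE = JSON.stringify({ status: "OK", code: 200, value: { authorized: "true", userData: SAMPLE_USER } });
const SAMPLE_NULL = JSON.stringify({ status: "OK", code: 200, value: null });
```

Pass the raw response text to loginAllowed and create a session only when it returns a user; a null result covers both failed authentication and a malformed reply.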