Today, API security has become one of the most important things. It is a vast field with many approaches and meanings. Most commonly, people refer to API security as authentication and authorization. Encryption also belongs in this space, but let's keep that aside for a separate discussion.
For this article, let's just focus on how to use LDAP for API authentication and authorization. Many frameworks, such as Spring, can connect your application to LDAP for authentication. LDAP does not handle the authorization piece itself, but it can return the user's groups, and based on those your application can either authorize or deny the request.
In this article, we will see the following:
- How to create a user in LDAP
- How to create a group in LDAP
- How to assign user to the group in LDAP
Refer to this link if you wish to set up OpenLDAP on your Mac. I had used JXplorer before, but for this article I am going to use Apache Directory Studio. Moreover, I am going to use the ApacheDS 2.0.0 LDAP server. Note that the steps below are the same for OpenLDAP or any other LDAP server.
Create New LDAP Server
- Go to LDAP Servers tab >> Right Click >> New >> New Server
- Now select ApacheDS 2.0.0 LDAP Server and click Finish.
- Once the server is created, the state of the server will be “Stopped”.
- Right click on the server and click “Run” to start the server.
Create Connection
- Make sure the server is up and running and the state is “Started”.
- Right click on the server and click on “Create a Connection”.
- The connection will be created and an alert message will be displayed.
Create Organization Units
- Click on “Root DSE”
- Right click on “dc=example,dc=com”
- Select “New”
- Click on “New Entry”
- Select “Create entry from scratch” and click “Next”
- Type and select the “organizationalUnit” object class
- Click on the “Add” button and then click on “Next”
- Type “ou” for “RDN”
- Type the value as “Groups” and then click “Next”
- Click on “Finish”
- Organizational Unit: Groups has been created
- Follow the same approach to create Organizational Unit: Users
Create Users
- Select “ou=Users” and right click
- Select “New Entry”
- Select “Create entry from scratch” and click “Next”
- Type and select “inetOrgPerson”, click “Add” and then click “Next”
- Select RDN as “cn” and value as “sample_usr_1” and click “Next”
- Enter “sn” as “sample_usr_1”
- Right click on the window and select “New Attribute”
- Select “uid” and set the value as “sample_usr_1”
- Right click on the window and select “New Attribute”
- Select “userPassword” and click “Finish”
- On the next window, set up the password for the user
- Click “Finish”
- User “dn: cn=sample_usr_1,ou=Users,dc=example,dc=com” has been created.
- Follow the same approach to create some more users
Create Group
- Select “ou=Groups” and right click
- Select “New Entry”
- Select the “Create entry from scratch” option and click “Next”
- Select “groupOfUniqueNames”
- Click on “Add” and then click “Next”
- Enter RDN as “ou” and value as “SAMPLE_GRP”
- Click “Next”
- Type the value for “cn” as “SAMPLE_GRP”
- You will be asked to enter “uniqueMember”
- Provide the value as “cn=sample_usr_1,ou=Users,dc=example,dc=com” (or any other user).
- Click “Finish”
- User “sample_usr_1” has been added to the group
- Follow the same approach to add more users to the group
Now, you have everything to implement LDAP Authentication and Authorization in your application.
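As an added example (not code from the article), here is what the entries created above look like as LDIF, followed by the authenticate-then-authorize flow an API would run against them: look up the DN for the submitted uid, bind with that DN and the submitted password, then check that the user is a uniqueMember of the group. The directory is a small in-memory stand-in seeded from the LDIF so the code runs offline; the user DNs and group DN come from the walkthrough, while the passwords, the second user and the function names are constructed. With a real server the same two operations (search and bind) would go to a client such as ldap3.

```python
"""Added example: the walkthrough's entries as LDIF plus the authenticate-then-
authorize flow. Passwords appear in clear only so the offline stand-in can
"bind"; a real server stores userPassword hashed and the client never reads it."""
import re
from collections import defaultdict

USERS_BASE = "ou=Users,dc=example,dc=com"
GROUPS_BASE = "ou=Groups,dc=example,dc=com"
SAMPLE_GRP = "ou=SAMPLE_GRP,ou=Groups,dc=example,dc=com"   # group DN from the walkthrough

# LDIF equivalent of what the Apache Directory Studio steps create (constructed).
SAMPLE_LDIF = """\
dn: ou=Users,dc=example,dc=com
objectClass: organizationalUnit
ou: Users

dn: ou=Groups,dc=example,dc=com
objectClass: organizationalUnit
ou: Groups

dn: cn=sample_usr_1,ou=Users,dc=example,dc=com
objectClass: inetOrgPerson
cn: sample_usr_1
sn: sample_usr_1
uid: sample_usr_1
userPassword: s3cret-1

dn: cn=sample_usr_2,ou=Users,dc=example,dc=com
objectClass: inetOrgPerson
cn: sample_usr_2
sn: sample_usr_2
uid: sample_usr_2
userPassword: s3cret-2

dn: ou=SAMPLE_GRP,ou=Groups,dc=example,dc=com
objectClass: groupOfUniqueNames
cn: SAMPLE_GRP
uniqueMember: cn=sample_usr_1,ou=Users,dc=example,dc=com
"""


def parse_ldif(text):
    """Parse the simple LDIF subset above into {dn: {attribute: [values]}}."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = defaultdict(list)
        for line in block.splitlines():
            key, _, value = line.partition(": ")
            attrs[key].append(value)
        entries[attrs["dn"][0]] = attrs
    return entries


def normalize_dn(dn):
    """Comparison key for DNs: case-insensitive, whitespace around commas ignored
    (an approximation of the RFC 4517 distinguishedNameMatch rule)."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def escape_filter_value(value):
    """RFC 4515 escaping so a caller-supplied uid cannot add wildcards or close the filter."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)


def _unescape_filter_value(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


class InMemoryDirectory:
    """Stand-in for an LDAP connection exposing the two operations the flow needs."""

    def __init__(self, ldif_text):
        self.entries = parse_ldif(ldif_text)

    def bind(self, dn, password):
        """Simple bind. An empty password would be an anonymous bind on a real
        server (and 'succeed'), so it is refused here too."""
        entry = self.entries.get(dn)
        return bool(password) and entry is not None and password in entry.get("userPassword", [])

    def search(self, base, ldap_filter):
        """Subtree search with one equality filter; returns the matching DNs."""
        m = re.fullmatch(r"\((\w+)=([^()]*)\)", ldap_filter)
        if not m:
            raise ValueError("unsupported filter: " + ldap_filter)
        attr, wanted = m.group(1), normalize_dn(_unescape_filter_value(m.group(2)))
        base_key = normalize_dn(base)
        return [dn for dn, e in self.entries.items()
                if (normalize_dn(dn) == base_key or normalize_dn(dn).endswith("," + base_key))
                and any(normalize_dn(v) == wanted for v in e.get(attr, []))]


def authenticate_and_authorize(directory, uid, password, group_dn):
    """Return (status, user_dn); status is "ok" only if the bind succeeds AND the user
    is a uniqueMember of group_dn. Unknown uid and wrong password both yield
    "bad-credentials" so the API does not reveal which usernames exist."""
    if not password:                       # never forward an empty password to bind
        return "bad-credentials", None
    hits = directory.search(USERS_BASE, "(uid=%s)" % escape_filter_value(uid))
    if len(hits) != 1:                     # unknown or ambiguous uid
        return "bad-credentials", None
    user_dn = hits[0]
    if not directory.bind(user_dn, password):
        return "bad-credentials", None
    groups = directory.search(GROUPS_BASE, "(uniqueMember=%s)" % escape_filter_value(user_dn))
    if normalize_dn(group_dn) not in {normalize_dn(g) for g in groups}:
        return "not-in-group", user_dn
    return "ok", user_dn


if __name__ == "__main__":
    d = InMemoryDirectory(SAMPLE_LDIF)
    print(authenticate_and_authorize(d, "sample_usr_1", "s3cret-1", SAMPLE_GRP))
    print(authenticate_and_authorize(d, "sample_usr_2", "s3cret-2", SAMPLE_GRP))
    print(authenticate_and_authorize(d, "*)(uid=*", "x", SAMPLE_GRP))
```

Two details carry over unchanged to a real server: the password is verified by binding as the user rather than by reading userPassword back, and the uid goes into the search filter only after RFC 4515 escaping, so a value like `*)(uid=*` stays a literal string instead of rewriting the filter.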