LDAP Authentication Advanced

Related Documentation
Made by
Kong Inc.
Supported Gateway Topologies
hybrid db-less traditional
Supported Konnect Deployments
hybrid cloud-gateways serverless
Compatible Protocols
grpc grpcs http https ws wss
Related Resources

3.10.0.0

Release date 2025/03/27

Bugfix

  • Fixed an issue where binary string was truncated at the first null character.

3.8.1.1

Release date 2025/04/10

Bugfix

  • Fixed an issue where binary string was truncated at the first null character.

3.8.0.0

Release date 2024/09/11

Feature

  • Supported decoding an empty sequence or set represented in long form length

Bugfix

  • Added WWW-Authenticate headers to all 401 response.

3.7.1.5

Release date 2025/04/10

Bugfix

  • Fixed an issue where binary string was truncated at the first null character.

3.7.0.0

Release date 2024/05/28

Bugfix

  • fix an issue where if the credential is encoded with no username kong will throw an error and return 500

  • fix an issue where an exception will be thrown when ldap search fails

3.6.1.8

Release date 2024/10/11

Bugfix

  • fix an issue where an exception will be thrown when ldap search fails

3.6.1.0

Release date 2024/02/26

Bugfix

  • fix an issue where if the credential is encoded with no username kong will throw an error and return 500

3.6.0.0

Release date 2024/02/12

Feature

  • support decoding non-standard asn1 integer and enumerated encoded with redundant leading padding

Bugfix

  • fix some cache-related issues which cause groups_required to not work properly and unexpected return codes after a non-200 response

  • support for consumer group scoping by using pdk kong.client.authenticate function

3.5.0.4

Release date 2024/05/20

Feature

  • support decoding non-standard asn1 integer and enumerated encoded with redundant leading padding

Bugfix

  • fix some cache-related issues which cause groups_required to not work properly and unexpected return codes after a non-200 response

  • fix an issue where if the credential is encoded with no username kong will throw an error and return 500

  • support for consumer group scoping by using pdk kong.client.authenticate function

3.4.3.17

Release date 2025/03/26

Bugfix

  • Fixed an issue where binary string was truncated at the first null character.

3.4.3.12

Release date 2024/08/08

Bugfix

  • Fixed an issue where an exception will be thrown when ldap search fails

3.4.3.5

Release date 2024/03/21

Bugfix

  • support for consumer group scoping by using pdk kong.client.authenticate function

3.4.3.4

Release date 2024/02/10

Bugfix

  • fix some cache-related issues which cause groups_required to not work properly and unexpected return codes after a non-200 response

  • fix an issue where if the credential is encoded with no username kong will throw an error and return 500

3.4.3.2

Release date 2023/12/22

Feature

  • support decoding non-standard asn1 integer and enumerated encoded with redundant leading padding

3.3.0.0

Release date 2023/05/19

Bugfix

  • The plugin now performs authentication before authorization, and returns a 403 HTTP code when a user isn’t in the authorized groups.

  • The plugin now supports setting the groups to an empty array when groups are not empty.

3.1.0.0

Release date 2022/12/06

Feature

  • The anonymous field can now be configured as the username of the consumer. This field allows you to configure a string to use as an “anonymous” consumer if authentication fails.

3.0.0.0

Release date 2022/09/09

Feature

  • This plugin now allows authorization based on group membership. The new configuration parameter, groups_required, is an array of string elements that indicates the groups that users must belong to for the request to be authorized.

  • The character . is now allowed in group attributes.

  • The character : is now allowed in the password field.

Bugfix

  • Fixed an issue where Kong Manager LDAP authentication failed when base_dn was the domain root.

Breaking Change

  • Updated the priority for some plugins.: ldap-auth-advanced changed from 1002 to 1200

2.8.4.8

Release date 2024/03/26

Bugfix

  • fix some cache-related issues which cause groups_required to not work properly and unexpected return codes after a non-200 response

2.8.2.1

Release date 2022/11/21

Bugfix

  • Fixed an issue where operational attributes referenced by group_member_attribute weren’t returned in search query results.

2.8.2.0

Release date 2022/10/12

Bugfix

  • The characters . and : are now allowed in group attributes.

2.8.1.0

Release date 2022/04/07

Bugfix

  • Support passwords that contain a : character

2.8.0.0

Release date 2022/03/02

Feature

  • Beta feature: The ldap_password and bind_dn configuration fields are now marked as referenceable, which means they can be securely stored assecretsin a vault. References must follow a specific format.

Something wrong?

Help us make these docs great!

Kong Developer docs are open source. If you find these useful and want to make them better, contribute today!