Kong · Schema

LdapAuthPluginConfig

API GatewayAI GatewayAI ConnectivityAgent GatewayEvent GatewayMCP RegistryService MeshLLMKafkaKonnectOpen Source

Properties

Name Type Description
config object
name object
protocols array A list of the request protocols that will trigger this plugin. The default value, as well as the possible values allowed on this field, may change depending on the plugin type. For example, plugins th
route object If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
service object If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
View JSON Schema on GitHub

JSON Schema

kong-ldapauthpluginconfig-schema.json Raw ↑ 
{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "#/components/schemas/LdapAuthPluginConfig",
  "title": "LdapAuthPluginConfig",
  "x-speakeasy-entity": "PluginLdapAuth",
  "properties": {
    "config": {
      "type": "object",
      "properties": {
        "anonymous": {
          "description": "An optional string (consumer UUID or username) value to use as an \u201canonymous\u201d consumer if authentication fails. If empty (default null), the request fails with an authentication failure `4xx`.",
          "type": "string"
        },
        "attribute": {
          "description": "Attribute to be used to search the user; e.g. cn",
          "type": "string"
        },
        "base_dn": {
          "description": "Base DN as the starting point for the search; e.g., dc=example,dc=com",
          "type": "string"
        },
        "cache_ttl": {
          "description": "Cache expiry time in seconds.",
          "type": "number",
          "default": 60
        },
        "header_type": {
          "description": "An optional string to use as part of the Authorization header",
          "type": "string",
          "default": "ldap"
        },
        "hide_credentials": {
          "description": "An optional boolean value telling the plugin to hide the credential to the upstream server. It will be removed by Kong before proxying the request.",
          "type": "boolean",
          "default": true
        },
        "keepalive": {
          "description": "An optional value in milliseconds that defines how long an idle connection to LDAP server will live before being closed.",
          "type": "number",
          "default": 60000
        },
        "ldap_host": {
          "description": "A string representing a host name, such as example.com.",
          "type": "string"
        },
        "ldap_port": {
          "description": "An integer representing a port number between 0 and 65535, inclusive.",
          "type": "integer",
          "default": 389,
          "maximum": 65535,
          "minimum": 0
        },
        "ldaps": {
          "description": "Set to `true` to connect using the LDAPS protocol (LDAP over TLS).  When `ldaps` is configured, you must use port 636. If the `ldap` setting is enabled, ensure the `start_tls` setting is disabled.",
          "type": "boolean",
          "default": false
        },
        "realm": {
          "description": "When authentication fails the plugin sends `WWW-Authenticate` header with `realm` attribute value.",
          "type": "string"
        },
        "start_tls": {
          "description": "Set it to `true` to issue StartTLS (Transport Layer Security) extended operation over `ldap` connection. If the `start_tls` setting is enabled, ensure the `ldaps` setting is disabled.",
          "type": "boolean",
          "default": false
        },
        "timeout": {
          "description": "An optional timeout in milliseconds when waiting for connection with LDAP server.",
          "type": "number",
          "default": 10000
        },
        "verify_ldap_host": {
          "description": "Set to `true` to authenticate LDAP server. The server certificate will be verified according to the CA certificates specified by the `lua_ssl_trusted_certificate` directive.",
          "type": "boolean",
          "default": true
        }
      },
      "required": [
        "attribute",
        "base_dn",
        "ldap_host"
      ]
    },
    "name": {
      "const": "ldap-auth"
    },
    "protocols": {
      "description": "A list of the request protocols that will trigger this plugin. The default value, as well as the possible values allowed on this field, may change depending on the plugin type. For example, plugins that only work in stream mode will only support tcp and tls.",
      "type": "array",
      "items": {
        "enum": [
          "grpc",
          "grpcs",
          "http",
          "https",
          "ws",
          "wss"
        ],
        "type": "string"
      },
      "format": "set",
      "default": [
        "grpc",
        "grpcs",
        "http",
        "https",
        "ws",
        "wss"
      ]
    },
    "route": {
      "description": "If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.",
      "type": "object",
      "additionalProperties": false,
      "properties": {
        "id": {
          "type": "string"
        }
      }
    },
    "service": {
      "description": "If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.",
      "type": "object",
      "additionalProperties": false,
      "properties": {
        "id": {
          "type": "string"
        }
      }
    }
  },
  "required": [
    "config"
  ]
}