Graphql-engine: example application using ldap for authentication

Created on 21 Jan 2019 · 5Comments · Source: hasura/graphql-engine

Hi guys,
Can you guide me how to implement Hasura with a LDAP active directory authentication?
I think it's useful if we can provide some of this frequently asked feature as predefine docker-compose file.
For example with OpenLDAP and PHP LDAP Admin.

community help wanted

Source

mnlbox

Most helpful comment

@tirumaraiselvan Maybe we can do this with Keycloak and keycloak-hasura-connector (special thanks to @httpsOmkar :wink: )
But we still need docs, tutorial and example about using LDAP with Hasura.

Also related: #1779

mnlbox on 11 Apr 2019

👍2

All 5 comments

Hi @mnlbox

Since Hasura does not package any auth systems by default, we can't put a LDAP server in official docker installations.

We would love the community to write a simple boilerplate which connects to a LDAP server and authenticates the user. The basic boilerplate should include:

1) Script/docs to setup a LDAP server which manages username, password, allowed-roles.
2) A LDAP web service which is a LDAP client that reads data from, say, Authorization header which contains base64 encoded value of "user:password:role". It passes this info to LDAP server and receives True or False or allowed-roles. The web service returns appropriate session variables as response.

3) Instructions to deploy this LDAP web service.

tirumaraiselvan on 24 Jan 2019

👍2

Also related: #1779

mnlbox on 11 Apr 2019

👍2

Yes actually, that's why I needed support for keyclock because I need to use active directory for internal users and gmail for external ones. A video tutorial would be amazing

lobosan on 12 Apr 2019

@lobosan I have the same requirement, I think we can also do the gmail login with Auth0 and they also have an LDAP connector for AD. This this isn't all on premise, which I'm guessing you need.