REST auth/user/password backend =============================== LL::NG Portal provides REST end points for auth/user/password: - POST /proxy/pwdConfirm: check password - POST /proxy/getUser: get user data - POST /proxy/pwdReset: update password These end points can be used to connect another LemonLDAP::NG server using :doc:`REST authentication backend`. API --- Password confirm ~~~~~~~~~~~~~~~~ POST a JSON structure with ``user`` and ``password``. It will return a JSON structure with ``result`` parameter (``true`` or ``false``). Request: .. code:: curl -H "Accept: application/json" -d '{"user":"dwho","password":"dwho"}' https://auth.example.com/proxy/pwdConfirm Response: .. code-block:: javascript {"result":true} Get user data ~~~~~~~~~~~~~ POST a JSON structure with ``user``. It will return a JSON structure with ``result`` and ``info`` parameters. Request: .. code:: curl -H "Accept: application/json" -d '{"user":"rtyler"}' https://auth.example.com/proxy/getUser Response: .. code-block:: javascript {"info":{"_utime":1651055131,"hGroups":{"users":{"name":"users"},"earthlings":{"name":"earthlings"}},"ipAddr":"127.0.0.1","_auth":"Demo","_url":null,"uid":"rtyler","mail":"rtyler@badwolf.org","_userDB":"Demo","_startTime":"20220427122531","UA":"curl/7.68.0","cn":"Rose Tyler","_user":"rtyler","_language":"en","groups":"users; earthlings","_whatToTrace":"rtyler"},"result":true} Update password ~~~~~~~~~~~~~~~ POST a JSON structure with ``user`` or ``mail`` and ``password``. It will return a JSON structure with ``result`` parameter. Request: .. code:: curl -H "Accept: application/json" -d '{"user":"rtyler","password":"secret"}' https://auth.example.com/proxy/pwdReset Response: .. code-block:: javascript {"result":true} Setup ----- Manager ~~~~~~~ First, activate REST in ``General parameters`` » ``Plugins`` » ``Portal servers`` » ``REST authentication server`` and ``REST password reset server``. Apache ~~~~~~ REST end points access must be allowed in Apache portal configuration (for example, access by IP range): .. code-block:: apache # REST/SOAP functions for proxy auth and password reset (disabled by default) Require ip 192.168.2.0/24