Authentication Users Password


This backend can be used to delegate authentication to some webservices.


In Manager, go in General Parameters > Authentication modules and choose REST for authentication, users and/or password modules.

Then, go in REST parameters and you just have to set REST URL to provide wanted services:

Module Parameter
Authentication level Authentication level for this module
Authentication Authentication URL
User database User data URL
Password confirmation Password confirmation URL
Password change Password change URL


You can then choose any other module for users and password.

REST Dialog

LemonLDAP::NG will call the endpoints you declared at various steps during the login process.

The request performed by LemonLDAP::NG is a POST on the URL you specified, the content of the POST is a JSON document (Content-Type: application/json).

REST web services must respond with a success HTTP code (200), and the response must be a JSON document containing a result key. Auth/UserDB endpoints can add an info array that will be stored in session data (without reading “Exported variables”).

URL Query Response
Authentication URL {"user":$user,"password":$password} {"result":true/false,"info":{...}}
User data URL {"user":$user} {"result":true/false,"info":{"uid":"dwho",...}}
Password confirmation URL {"user":$user,"password":$password} {"result":true/false}
Password change URL {"user":$user,"password":$password} {"result":true/false}


To have only one REST call during the login process, you can set REST only as an Authentication backend, configure Null as your User Database, and make sure the REST authentication URL send all your user attributes in the info response key