REST auth/user/password backend

LL::NG Portal provides REST end points for auth/user/password:

  • POST /proxy/pwdConfirm: check password
  • POST /proxy/getUser: get user data
  • POST /proxy/pwdReset: update password

These end points can be used to connect another LemonLDAP::NG server using REST authentication backend.

API

Password confirm

POST a JSON structure with user and password. It will return a JSON structure with result parameter (true or false).

Request:

curl -H "Accept: application/json" -d '{"user":"dwho","password":"dwho"}'  https://auth.example.com/proxy/pwdConfirm

Response:

{"result":true}

Get user data

POST a JSON structure with user. It will return a JSON structure with result and info parameters.

Request:

curl -H "Accept: application/json" -d '{"user":"rtyler"}'  https://auth.example.com/proxy/getUser

Response:

{"info":{"_utime":1651055131,"hGroups":{"users":{"name":"users"},"earthlings":{"name":"earthlings"}},"ipAddr":"127.0.0.1","_auth":"Demo","_url":null,"uid":"rtyler","mail":"rtyler@badwolf.org","_userDB":"Demo","_startTime":"20220427122531","UA":"curl/7.68.0","cn":"Rose Tyler","_user":"rtyler","_language":"en","groups":"users; earthlings","_whatToTrace":"rtyler"},"result":true}

Update password

POST a JSON structure with user or mail and password. It will return a JSON structure with result parameter.

Request:

curl -H "Accept: application/json" -d '{"user":"rtyler","password":"secret"}'  https://auth.example.com/proxy/pwdReset

Response:

{"result":true}

Setup

Manager

First, activate REST in General parameters » Plugins » Portal servers » REST authentication server and REST password reset server.

Apache

REST end points access must be allowed in Apache portal configuration (for example, access by IP range):

# REST/SOAP functions for proxy auth and password reset (disabled by default)
<Location /index.fcgi/proxy>
    Require ip 192.168.2.0/24
</Location>