Tyk v2.2 Documentation Components

  1. Home
  2. Tyk v2.2 Documentation Components
  3. Integration Tutorials: OpenLDAP
  4. Log into the Dashboard using LDAP

Log into the Dashboard using LDAP

Below is a sample TIB profile that can be used to log a user into the Dashboard using an LDAP pass-through provider:

    "ActionType": "GenerateOrLoginUserProfile",
    "ID": "4",
    "OrgID": "{YOUR-ORG-ID}",
    "ProviderConfig": {
        "FailureRedirect": "http://{DASH-DOMAIN}:{DASH-PORT}/?fail=true",
        "LDAPAttributes": [],
        "LDAPPort": "389",
        "LDAPServer": "localhost",
        "LDAPUserDN": "cn=*USERNAME*,cn=dashboard,ou=Group,dc=test-ldap,dc=tyk,dc=io"
    "ProviderName": "ADProvider",
    "ReturnURL": "http://{DASH-DOMAIN}:{DASH-PORT}/tap",
    "Type": "passthrough"

The only step necessary to perform this is to send a POST request to the LDAP URL.

TIB can pull a username and password out of a request in two ways:

  1. Two form fields called “username” and “password”
  2. A basic auth header using the Basic Authentication standard form

By default, TIB will look for the two form fields. To enable Basic Auth header extraction, add "GetAuthFromBAHeader": true to the ProviderConfig section.

The request should be a POST.

If you make this request with a valid user that can bind to the LDAP server, Tyk will redirect the user to the dashboard with a valid session. There’s no more to it, this mechanism is pass-through and is transparent to the user, with TIB acting as a direct client to the LDAP provider.

Note: The LDAPUserDN field MUST contain the special *USERNAME* marker in order to construct the users OU properly.