How to secure api using basic authendication against LDAP in Azure APIM?

Question

we have the API in azure api management which need to verify the user credential against LDAP on the incoming requests from the consumer.

Does APIM supports any custom policy to connect ldap server to perform this verification.

Does APIM support any custom code like Javascript/Java/.net/python/Node JS , if we are not able perform any operation using APIM built in polices?

Answer 1

Gopikrishnan Dhanasekaran Thank you for posting your question in Microsoft Q&A. Currently, we support modern auth protocols and specs such as OAuth, OIDC etc. but don't support LDAP calls (answer no to your first question).

With send-request policy (reference doc), APIM gateway can only make HTTP, HTTPs calls, so you would need to create an external service as a rest API to gateway and then validate the response in the policy. Suggested a couple of options below and you can choose any custom code like Javascript/Java/.net/python/Node JS for your implementation (as long as it is rest api).

1. One option is to use custom code to expose LDAP authentication as http endpoints and check out a similar project on this topic https://github.com/UniStuttgart-VISUS/Visus.LdapAuthentication
2. Other option is to explore Azure Functions in which you can install and utilize LDAP libraries and expose it as a Rest API to APIM gateway. If you are interested in this feature and like to submit feedback to our product team, feel free to submit via https://aka.ms/apimwish.

I hope this helps with your question and feel free to add a comment for any question. Please accept as "Yes" if the answer is helpful, so that it can help others in the community.