LDAP Authentication Advanced

Release date 2025/12/18

Feature

• added support for the tls_certificate_verify global option. When this option is enabled and LDAPS is used, the plugin’s verify_ldap_host setting cannot be disabled.

Release date 2025/10/01

Bugfix

• Fixed a group validation issue where LDAP group names containing asterisk (*) characters were incorrectly marked as invalid during Kong Manager RBAC authentication. Group names with asterisk characters (such as *Dev - EXAMPLE - TOP) now properly validate and allow role mapping.

Release date 2025/10/23

Bugfix

• Fixed group validation issue where LDAP group names containing asterisk () characters were incorrectly marked as invalid during Kong Manager RBAC authentication. Group names with asterisk characters (such as “Dev - EXAMPLE - TOP”) now properly validate and allow role mapping.

Release date 2025/07/03

Bugfix

• Fixed an issue that caused browsers to automatically pop up dialog boxes when authentication failed while ldap-auth-advanced was enabled in the Kong Manager.

Release date 2025/10/10

Bugfix

• Fixed group validation issue where LDAP group names containing asterisk () characters were incorrectly marked as invalid during Kong Manager RBAC authentication. Group names with asterisk characters (such as “Dev - EXAMPLE - TOP”) now properly validate and allow role mapping.

Release date 2025/03/27

Bugfix

• Fixed an issue where binary string was truncated at the first null character.

Release date 2025/07/07

Bugfix

• Fixed an issue where binary string was truncated at the first null character.

Release date 2025/04/10

Bugfix

• Fixed an issue where binary string was truncated at the first null character.

Release date 2024/09/11

Feature

• Supported decoding an empty sequence or set represented in long form length

Bugfix

• Added WWW-Authenticate headers to all 401 response.

Release date 2025/04/10

Bugfix

• Fixed an issue where binary string was truncated at the first null character.

Release date 2024/05/28

Bugfix

• fix an issue where if the credential is encoded with no username kong will throw an error and return 500

• fix an issue where an exception will be thrown when ldap search fails

Release date 2024/10/11

Bugfix

• fix an issue where an exception will be thrown when ldap search fails

Release date 2024/02/26

Bugfix

• fix an issue where if the credential is encoded with no username kong will throw an error and return 500

Release date 2024/02/12

Feature

• support decoding non-standard asn1 integer and enumerated encoded with redundant leading padding

Bugfix

• fix some cache-related issues which cause groups_required to not work properly and unexpected return codes after a non-200 response

• support for consumer group scoping by using pdk kong.client.authenticate function

Release date 2024/05/20

Feature

• support decoding non-standard asn1 integer and enumerated encoded with redundant leading padding

Bugfix

• fix some cache-related issues which cause groups_required to not work properly and unexpected return codes after a non-200 response

• fix an issue where if the credential is encoded with no username kong will throw an error and return 500

• support for consumer group scoping by using pdk kong.client.authenticate function

Release date 2025/09/05

Bugfix

• Fixed an issue where an empty sequence or set represented in long form length couldn’t be decoded.

Release date 2025/03/26

Bugfix

• Fixed an issue where binary string was truncated at the first null character.

Release date 2024/08/08

Bugfix

• Fixed an issue where an exception will be thrown when ldap search fails

Release date 2024/03/21

Bugfix

• support for consumer group scoping by using pdk kong.client.authenticate function

Release date 2024/02/10

Bugfix

• fix some cache-related issues which cause groups_required to not work properly and unexpected return codes after a non-200 response

• fix an issue where if the credential is encoded with no username kong will throw an error and return 500

Release date 2023/12/22

Feature

• support decoding non-standard asn1 integer and enumerated encoded with redundant leading padding

Release date 2023/05/19

Bugfix

• The plugin now performs authentication before authorization, and returns a 403 HTTP code when a user isn’t in the authorized groups.

• The plugin now supports setting the groups to an empty array when groups are not empty.

Release date 2022/12/06

Feature

• The anonymous field can now be configured as the username of the consumer. This field allows you to configure a string to use as an “anonymous” consumer if authentication fails.

Release date 2022/09/09

Feature

• This plugin now allows authorization based on group membership. The new configuration parameter, groups_required, is an array of string elements that indicates the groups that users must belong to for the request to be authorized.

• The character . is now allowed in group attributes.

• The character : is now allowed in the password field.

Bugfix

• Fixed an issue where Kong Manager LDAP authentication failed when base_dn was the domain root.

Breaking Change

• Updated the priority for some plugins.: ldap-auth-advanced changed from 1002 to 1200

Release date 2024/03/26

Bugfix

• fix some cache-related issues which cause groups_required to not work properly and unexpected return codes after a non-200 response

Release date 2022/11/21

Bugfix

• Fixed an issue where operational attributes referenced by group_member_attribute weren’t returned in search query results.

Release date 2022/10/12

Bugfix

• The characters . and : are now allowed in group attributes.

Release date 2022/04/07

Bugfix

• Support passwords that contain a : character

Release date 2022/03/02

Feature

• Beta feature: The ldap_password and bind_dn configuration fields are now marked as referenceable, which means they can be securely stored assecretsin a vault. References must follow a specific format.