Is it possible to authenticate via LDAP in a CSP REST application?

Question

Question

Evgenii Ermolaev · Apr 27, 2021

#Authentication #CSP #LDAP #REST API #Caché

I am using MDX2JSON do display data, it uses CSP REST to retrieve data and uses Password Authentication. I enabled LDAP authentication for this applicaiton, but it does not work.

Product version: Caché 2018.1

Discussion (7)2

Log in or sign up to continue

Rich Taylor · May 12, 2021

I have not tried this but if you enable LDAP security and select it for that Web Application then passing a username and password it may work. You would setup LDAP per the documentation for Cache.

As I said I am not sure that this would work in this context. An alternative is to use Delegated Authentication. Here is a link to a Global Summit presentation on dealing with LDAP in the Delegated Authentication zAuthenticate routine. https://community.intersystems.com/post/global-summit-2016-ldap-beyond-s...

This is a bit old and it is focused on dealing with custom LDAP schemas, but it will help you understand how to work with LDAP in code.

1 0

Katherine Reid · May 26, 2021

The two places that I would look for more information on a <PROTECT> error are the audit log and the line of code the error is coming from. The audit entry for a <PROTECT> error sometimes has more information about why the error was generated. The line of code can also help as it can show you whether there was an explicit permission check, a reference to a particular global, etc.

0 0

score 0 · Answer 1 · 2021-05-10T14:14:40-04:00

The AppS.REST Framework, described here: https://community.intersystems.com/post/appsrest-new-rest-framework-inte..., provides hooks for authentication (see "AuthenticationStrategy()" and "GetUserResource()" methods in AppS.REST.Handler class). You can use these hooks with the following "LDAP" package to interact with an LDAP database programmatically: https://docs.intersystems.com/latest/csp/docbook/DocBook.UI.Page.cls?KEY...

score 0 · Answer 2 · 2021-05-10T20:07:42-04:00

Evgenii Ermolaev · May 10, 2021

Unfortunately it is not supported for Cache

0 0

score 0 · Answer 3 · 2021-05-11T15:24:41-04:00

Jean Millette · May 11, 2021

You are correct; apologies for the bad pointer.

0 0

score 0 · Answer 4 · 2021-05-13T20:10:24-04:00

We are using MDX2JSON extension (back in the day the company needed to quickly roll out some application and did that without much thinking about the future and now I'm stuck with the issue). I have enabled LDAP authentication for all of it's applications, but still get 'Uknown login and password pair. Please try again' error (note that CSP applications in the same namespace DO work with LDAP authentication). I tried to find the authentication logic in the extension's classes, but did not find anything related to it.

I am trying my luck on the forums in case someone else faced an issue like this before going nuclear and rewriting everything.

score 0 · Answer 5 · 2021-05-20T01:44:26-04:00

I managed to bypass authentication with a crutch, but cannot access the data and get the following error:

{"Error":"ERROR #5002: Cache error: <PROTECT>%Construct+3^%DeepSee.ResultSet.1 ^DeepSee.Cache.LocalResults(\"session\"),e:\\hs-db\\tfoms\\"}{"Error":""}

Does anyone have an idea what could it mean? I've given the user everything I could imagine related to the issue (except %All of cource) but it still does not work.