HAProxy community

LDAP as backend for BasicAuth (Userlist)

Hi everybody,

I’m currently moving various former Apache ReverseProxy’d sites to HAProxy.
In Apache I used Basic Auth with LDAP as Backend (authz_ldap).
In HAProxy one can do Basic Auth, too with the need of UserLists. Now I’m wondering, if it is possible to use LDAP as Auth Backend for BasicAuth instead of UserLists in HAProxy … so one can have one centralized UserManagement for different Services…

Thx in advance for any hint!

To my knowledge HAProxy doesn’t support LDAP (or any non-static configuration) backend for authentication.

However, given that HAProxy does have support for Lua based fetches or actions, one could implement a simple web service that interacts with LDAP and exposes an HTTP-based API, and then from Lua one can interrogate this translator service.

(In fact if you search for HAProxy + Lua + LDAP you might be lucky and find something already implemented.)