
poc: ldap integration #283

Open · wants to merge 1 commit into main

Conversation

nsklikas
Contributor

@nsklikas nsklikas commented Sep 20, 2024

PoC for using Hydra to integrate ldap with Kratos.

The werther project is used to bridge Hydra and LDAP servers. The project is unmaintained, but it proves that it shouldn't be very hard to implement this functionality.

Werther was using the hydra sdk v1, so I had to make some changes to the code (see here)

As discussed, the proposed architecture uses a 2nd hydra server (using different cookie names) that runs behind Kratos that is used to talk with LDAP.

To try the flow, you need to run:

$ docker compose up --remove-orphans --force-recreate

When everything is up and running you can try to login via hydra, to do this you can use this script:

# Register an OAuth2 client against the Hydra admin API (port 4445).
code_client=$(hydra create client \
  --endpoint http://localhost:4445 \
  --grant-type authorization_code,refresh_token,urn:ietf:params:oauth:grant-type:device_code \
  --response-type code \
  --format json \
  --scope openid,offline_access,email,profile \
  --redirect-uri http://127.0.0.1:4446/callback \
)

# Run the authorization code flow against the Hydra public API (port 4444),
# reading the client id and secret out of the JSON returned above.
hydra perform authorization-code \
  --endpoint http://localhost:4444 \
  --client-id "$(echo "$code_client" | yq .client_id)" \
  --client-secret "$(echo "$code_client" | yq .client_secret)" \
  --scope openid,profile,email,offline_access \
  --redirect http://127.0.0.1:4446/callback

To login with LDAP you can use:
username: aaa
password: 123

The user attributes can be found at https://github.com/canonical/identity-platform-login-ui/blob/IAM-1015/docker/ldap/ldap.ldif
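Because both Hydra instances in this setup are reached through the same host, their default cookie names would collide in the browser and one instance's login/consent CSRF and session cookies would overwrite the other's. The fragment below is an added illustration, not configuration from this PR or the project, and it assumes the `serve.cookies.names` keys of the Hydra v2 configuration schema; the instance names and values are made up.

```yaml
# hydra-primary.yaml (constructed): the Hydra that Kratos talks to.
# Leaving these at their defaults would produce ory_hydra_login_csrf,
# ory_hydra_consent_csrf and ory_hydra_session.
serve:
  cookies:
    names:
      login_csrf: primary_hydra_login_csrf
      consent_csrf: primary_hydra_consent_csrf
      session: primary_hydra_session

---
# hydra-ldap.yaml (constructed): the second Hydra that sits behind Kratos
# and fronts the LDAP bridge. Every cookie name differs from the primary
# instance so the two login/consent flows cannot clobber each other.
serve:
  cookies:
    names:
      login_csrf: ldap_hydra_login_csrf
      consent_csrf: ldap_hydra_consent_csrf
      session: ldap_hydra_session
```

If a flow fails with a CSRF error only when both instances are in use, a shared or identical cookie name is the first thing to check.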

@nsklikas nsklikas added the nomerge Review ready but not mergeable label Sep 20, 2024
@nsklikas nsklikas requested a review from a team as a code owner September 20, 2024 07:38