Docs
Configuration
Authentication
LDAP/AD

LDAP/AD Server Authentication

You can use a Lightweight Directory Access Protocol (LDAP) authentication server to authenticate users.

LDAP/AD Server Configuration

Basic Configuration

  • LDAP_URL, LDAP_BIND_DN, and LDAP_USER_SEARCH_BASE are required.
  • LDAP_SEARCH_FILTER is optional; if not specified, the mail attribute is used by default. If specified, use the literal {{username}} to use the given username for the search.
KeyTypeDescriptionExample
LDAP_URLstringLDAP server URL.LDAP_URL=ldap://localhost:389
LDAP_BIND_DNstringBind DNLDAP_BIND_DN=cn=root
LDAP_BIND_CREDENTIALSstringPassword for bindDNLDAP_BIND_CREDENTIALS=password
LDAP_USER_SEARCH_BASEstringLDAP user search baseLDAP_USER_SEARCH_BASE=o=users,o=example.com
LDAP_SEARCH_FILTERstringLDAP search filterLDAP_SEARCH_FILTER=mail={{username}}

Active Directory over SSL

To connect via SSL (ldaps://), such as a company using Windows AD, specify the path to the internal CA certificate.

KeyTypeDescriptionExample
LDAP_CA_CERT_PATHstringCA certificate path.LDAP_CA_CERT_PATH=/path/to/root_ca_cert.crt