Skip to main content
POST
/
api
/
v1
/
auth
/
ldap-auth
/
identities
/
{identityId}
cURL
curl --request POST \
  --url https://us.infisical.com/api/v1/auth/ldap-auth/identities/{identityId} \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "templateId": "<string>",
  "searchFilter": "(uid={{username}})",
  "allowedFields": [
    {
      "key": "<string>",
      "value": "<string>"
    }
  ],
  "ldapCaCertificate": "<string>",
  "accessTokenTrustedIps": [
    {
      "ipAddress": "0.0.0.0/0"
    },
    {
      "ipAddress": "::/0"
    }
  ],
  "accessTokenTTL": 2592000,
  "accessTokenMaxTTL": 2592000,
  "accessTokenNumUsesLimit": 0,
  "lockoutEnabled": true,
  "lockoutThreshold": 3,
  "lockoutDurationSeconds": 300,
  "lockoutCounterResetSeconds": 30
}
'
{
  "identityLdapAuth": {
    "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
    "identityId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
    "url": "<string>",
    "searchBase": "<string>",
    "searchFilter": "<string>",
    "createdAt": "2023-11-07T05:31:56Z",
    "updatedAt": "2023-11-07T05:31:56Z",
    "accessTokenTTL": 7200,
    "accessTokenMaxTTL": 7200,
    "accessTokenNumUsesLimit": 0,
    "accessTokenTrustedIps": "<unknown>",
    "allowedFields": null,
    "accessTokenPeriod": 0,
    "templateId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
    "lockoutEnabled": true,
    "lockoutThreshold": 3,
    "lockoutDurationSeconds": 300,
    "lockoutCounterResetSeconds": 30
  }
}

Documentation Index

Fetch the complete documentation index at: https://infisical.com/docs/llms.txt

Use this file to discover all available pages before exploring further.

Authorizations

Authorization
string
header
required

An access token in Infisical

Path Parameters

identityId
string
required

The ID of the machine identity to attach the configuration onto.

Body

application/json
templateId
string
required

The ID of the identity auth template to attach the configuration onto.

searchFilter
string
default:(uid={{username}})

The filter to use to search for the LDAP user.

Minimum string length: 1
allowedFields
object[]

The comma-separated array of key/value pairs of required fields that the LDAP entry must have in order to authenticate.

ldapCaCertificate
string

The PEM-encoded CA certificate for the LDAP server.

accessTokenTrustedIps
object[]

The IPs or CIDR ranges that access tokens can be used from.

Minimum array length: 1
accessTokenTTL
integer
default:2592000

The lifetime for an access token in seconds.

Required range: 0 <= x <= 315360000
accessTokenMaxTTL
integer
default:2592000

The maximum lifetime for an access token in seconds.

Required range: 1 <= x <= 315360000
accessTokenNumUsesLimit
integer
default:0

The maximum number of times that an access token can be used.

Required range: x >= 0
lockoutEnabled
boolean
default:true

Whether the lockout feature is enabled.

lockoutThreshold
number
default:3

The amount of times login must fail before locking the identity auth method.

Required range: 1 <= x <= 30
lockoutDurationSeconds
number
default:300

How long an identity auth method lockout lasts.

Required range: 30 <= x <= 86400
lockoutCounterResetSeconds
number
default:30

How long to wait from the most recent failed login until resetting the lockout counter.

Required range: 5 <= x <= 3600

Response

Default Response

identityLdapAuth
object
required