> ## Documentation Index > Fetch the complete documentation index at: https://infisical.com/docs/llms.txt > Use this file to discover all available pages before exploring further. # Attach > Attach LDAP Auth configuration onto machine identity ## OpenAPI ````yaml POST /api/v1/auth/ldap-auth/identities/{identityId} openapi: 3.0.3 info: title: Infisical API description: List of all available APIs that can be consumed version: 0.0.1 servers: - url: https://us.infisical.com description: Production server (US) - url: https://eu.infisical.com description: Production server (EU) - url: http://localhost:8080 description: Local server security: [] paths: /api/v1/auth/ldap-auth/identities/{identityId}: post: tags: - LDAP Auth description: Attach LDAP Auth configuration onto machine identity operationId: attachLdapAuth parameters: - schema: type: string in: path name: identityId required: true description: The ID of the machine identity to attach the configuration onto. requestBody: required: true content: application/json: schema: anyOf: - type: object properties: templateId: type: string description: >- The ID of the identity auth template to attach the configuration onto. searchFilter: type: string minLength: 1 default: (uid={{username}}) description: The filter to use to search for the LDAP user. allowedFields: type: array items: type: object properties: key: type: string value: type: string required: - key - value additionalProperties: false description: >- The comma-separated array of key/value pairs of required fields that the LDAP entry must have in order to authenticate. ldapCaCertificate: type: string description: The PEM-encoded CA certificate for the LDAP server. accessTokenTrustedIps: type: array items: type: object properties: ipAddress: type: string required: - ipAddress additionalProperties: false minItems: 1 default: - ipAddress: 0.0.0.0/0 - ipAddress: '::/0' description: >- The IPs or CIDR ranges that access tokens can be used from. accessTokenTTL: type: integer minimum: 0 maximum: 315360000 default: 2592000 description: The lifetime for an access token in seconds. accessTokenMaxTTL: type: integer minimum: 1 maximum: 315360000 default: 2592000 description: The maximum lifetime for an access token in seconds. accessTokenNumUsesLimit: type: integer minimum: 0 default: 0 description: >- The maximum number of times that an access token can be used. lockoutEnabled: type: boolean default: true description: Whether the lockout feature is enabled. lockoutThreshold: type: number minimum: 1 maximum: 30 default: 3 description: >- The amount of times login must fail before locking the identity auth method. lockoutDurationSeconds: type: number minimum: 30 maximum: 86400 default: 300 description: How long an identity auth method lockout lasts. lockoutCounterResetSeconds: type: number minimum: 5 maximum: 3600 default: 30 description: >- How long to wait from the most recent failed login until resetting the lockout counter. required: - templateId additionalProperties: false - type: object properties: url: type: string description: The URL of the LDAP server. bindDN: type: string description: The DN of the user to bind to the LDAP server. bindPass: type: string description: The password of the user to bind to the LDAP server. searchBase: type: string description: The base DN to search for the LDAP user. searchFilter: type: string minLength: 1 default: (uid={{username}}) description: The filter to use to search for the LDAP user. allowedFields: type: array items: type: object properties: key: type: string value: type: string required: - key - value additionalProperties: false description: >- The comma-separated array of key/value pairs of required fields that the LDAP entry must have in order to authenticate. ldapCaCertificate: type: string description: The PEM-encoded CA certificate for the LDAP server. accessTokenTrustedIps: type: array items: type: object properties: ipAddress: type: string required: - ipAddress additionalProperties: false minItems: 1 default: - ipAddress: 0.0.0.0/0 - ipAddress: '::/0' description: >- The IPs or CIDR ranges that access tokens can be used from. accessTokenTTL: type: integer minimum: 0 maximum: 315360000 default: 2592000 description: The lifetime for an access token in seconds. accessTokenMaxTTL: type: integer minimum: 1 maximum: 315360000 default: 2592000 description: The maximum lifetime for an access token in seconds. accessTokenNumUsesLimit: type: integer minimum: 0 default: 0 description: >- The maximum number of times that an access token can be used. lockoutEnabled: type: boolean default: true description: Whether the lockout feature is enabled. lockoutThreshold: type: number minimum: 1 maximum: 30 default: 3 description: >- The amount of times login must fail before locking the identity auth method. lockoutDurationSeconds: type: number minimum: 30 maximum: 86400 default: 300 description: How long an identity auth method lockout lasts. lockoutCounterResetSeconds: type: number minimum: 5 maximum: 3600 default: 30 description: >- How long to wait from the most recent failed login until resetting the lockout counter. required: - url - bindDN - bindPass - searchBase additionalProperties: false responses: '200': description: Default Response content: application/json: schema: type: object properties: identityLdapAuth: type: object properties: id: type: string format: uuid accessTokenTTL: type: number default: 7200 accessTokenMaxTTL: type: number default: 7200 accessTokenNumUsesLimit: type: number default: 0 accessTokenTrustedIps: {} identityId: type: string format: uuid url: type: string searchBase: type: string searchFilter: type: string allowedFields: nullable: true createdAt: type: string format: date-time updatedAt: type: string format: date-time accessTokenPeriod: type: number default: 0 templateId: type: string format: uuid nullable: true lockoutEnabled: type: boolean default: true lockoutThreshold: type: number default: 3 lockoutDurationSeconds: type: number default: 300 lockoutCounterResetSeconds: type: number default: 30 required: - id - identityId - url - searchBase - searchFilter - createdAt - updatedAt additionalProperties: false required: - identityLdapAuth additionalProperties: false '400': description: Default Response content: application/json: schema: type: object properties: reqId: type: string statusCode: type: number enum: - 400 message: type: string error: type: string details: {} required: - reqId - statusCode - message - error additionalProperties: false '401': description: Default Response content: application/json: schema: type: object properties: reqId: type: string statusCode: type: number enum: - 401 message: type: string error: type: string required: - reqId - statusCode - message - error additionalProperties: false '403': description: Default Response content: application/json: schema: type: object properties: reqId: type: string statusCode: type: number enum: - 403 message: type: string details: {} error: type: string required: - reqId - statusCode - message - error additionalProperties: false '404': description: Default Response content: application/json: schema: type: object properties: reqId: type: string statusCode: type: number enum: - 404 message: type: string error: type: string required: - reqId - statusCode - message - error additionalProperties: false '422': description: Default Response content: application/json: schema: type: object properties: reqId: type: string statusCode: type: number enum: - 422 message: {} error: type: string required: - reqId - statusCode - error additionalProperties: false '500': description: Default Response content: application/json: schema: type: object properties: reqId: type: string statusCode: type: number enum: - 500 message: type: string error: type: string required: - reqId - statusCode - message - error additionalProperties: false security: - bearerAuth: [] components: securitySchemes: bearerAuth: type: http scheme: bearer bearerFormat: JWT description: An access token in Infisical ````