Learn how to authenticate with Infisical using LDAP.
Creating an identity
Configuring LDAP auth for your identity
URL: The LDAP server to connect to, such as ldap://ldap.your-org.com, ldaps://ldap.myorg.com:636 (for connection over SSL/TLS), etc.
Bind DN: The DN to bind to the LDAP server with.
Bind Pass: The password to bind to the LDAP server with.
Search Base / DN: Base DN under which to perform user search, such as ou=Users,dc=acme,dc=com.
User Search Filter: Template used to construct the LDAP user search filter, such as (uid={{username}}); use the literal {{username}} to have the given username used in the search. The default is (uid={{username}}), which is compatible with several common directory schemas.
Required Attributes: A key/value pair of attributes that must be present in the LDAP user entry for them to be authenticated. As an example, if you set key uid to value user1,user2,user3, then only users with uid of user1, user2, or user3 will be able to log in with this identity. Each value is a comma-separated list of attributes.
CA Certificate: The CA certificate to use when verifying the LDAP server certificate. This field is optional but recommended.
Access Token TTL (default is 2592000, equivalent to 30 days): The lifetime for an access token in seconds. This value will be referenced at renewal time.
Access Token Max TTL (default is 2592000, equivalent to 30 days): The maximum lifetime for an access token in seconds. This value will be referenced at renewal time.
Access Token Max Number of Uses (default is 0): The maximum number of times that an access token can be used; a value of 0 implies an infinite number of uses.
Access Token Trusted IPs: The IPs or CIDR ranges that access tokens can be used from. By default, each token is given 0.0.0.0/0, allowing usage from any network address.
Authenticating with the identity
https://app.infisical.com with https://eu.infisical.com or your self-hosted instance’s URL in the request URL.
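The User Search Filter and Required Attributes fields described above, worked through as an added example (not Infisical's own code). The function names are hypothetical, and it assumes the username is escaped per RFC 4515 before substitution and that attribute values are compared as exact strings.

```javascript
// Added illustration; not Infisical's implementation. All names are hypothetical.

// RFC 4515: escape the characters that carry meaning inside an LDAP search
// filter (\ * ( ) and NUL) as a backslash plus two hex digits.
function escapeFilterValue(value) {
  return value.replace(/[\\*()\0]/g, (ch) =>
    "\\" + ch.charCodeAt(0).toString(16).padStart(2, "0"));
}

// Expand a User Search Filter template such as "(uid={{username}})".
function buildUserFilter(template, username) {
  if (!template.includes("{{username}}")) {
    throw new Error("filter template must contain the literal {{username}}");
  }
  return template.split("{{username}}").join(escapeFilterValue(username));
}

// Required Attributes: every configured key must be present on the LDAP entry,
// and at least one of its values must be in that key's comma-separated list.
function meetsRequiredAttributes(entry, required) {
  return Object.entries(required).every(([key, csv]) => {
    const allowed = csv.split(",").map((v) => v.trim()).filter(Boolean);
    const actual = [].concat(entry[key] ?? []); // attributes may be multi-valued
    return actual.some((v) => allowed.includes(v));
  });
}

// Constructed sample data, using the values from the field descriptions.
const required = { uid: "user1,user2,user3" };
const entry = { dn: "uid=user2,ou=Users,dc=acme,dc=com", uid: "user2" };

console.log(buildUserFilter("(uid={{username}})", "user2"));
console.log(buildUserFilter("(uid={{username}})", "a*(b)"));
console.log(meetsRequiredAttributes(entry, required));
console.log(meetsRequiredAttributes({ uid: "user9" }, required));
```

Without the escaping step, characters such as * or ( in the supplied username would be interpreted as filter syntax rather than as part of the name being searched for.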