Something wrong with the translation?

Help us to improve it on our translation platform

Configure LDAP

LDAP is a protocol for providing directory services. It acts as a central authority for user login information. Funkwhale supports LDAP through the Django LDAP authentication module.


LDAP users can’t change their password in the app.


LDAP support requires extra dependencies. We include these in our requirements files to make it easier to set up. If you aren’t using LDAP, you can safely remove these.

OS dependencies
  • libldap2-dev

  • libsasl2-dev

Python dependencies
  • python-ldap

  • python-django-auth-ldap

Environment variables

You can configure LDAP authentication using environment variables in your .env file.

Basic features


Set this to True to enable LDAP support


The LDAP URI of your authentication server.

LDAP_BIND_DN: String = cn=admin,dc=domain,dc=com

LDAP user DN to bind on so you can perform searches.

LDAP_BIND_PASSWORD: String = bindpassword

LDAP user password for bind DN.

LDAP_SEARCH_FILTER: String = (|(cn={0})(mail={0}))

The LDAP user filter, using {0} as the username placeholder. Uses standard LDAP search syntax.

LDAP_START_TLS: Boolean = False

Set to True to enable LDAP StartTLS support.

LDAP_ROOT_DN: String = dc=domain,dc=com

The LDAP search root DN. Supports several entries in a comma-delimited list.

LDAP_USER_ATTR_MAP: String = first_name:givenName, last_name:sn, username:cn, email:mail

A mapping of Django user attributes to LDAP values.


Controls whether to use direct binding.

Group features

LDAP provides extra features for working with groups. Group configuration is an advanced feature. Most users don’t need to configure these settings.

See also

Django’s LDAP documentation for groups.

LDAP_GROUP_DN: String = ou=groups,dc=domain,dc=com

The LDAP group search root DN. This needs to be set to True to enable group features.

LDAP_GROUP_FILTER: String = objectClass=groupOfNames

The LDAP group filter.

LDAP_REQUIRE_GROUP: String = cn=enabled,ou=groups,dc=domain,dc=com

The group that users need to be a member of to authenticate.

LDAP_DENY_GROUP: String = cn=disabled,ou=groups,dc=domain,dc=com

A group whose members can’t authenticate.