Something wrong with the translation?

Help us to improve it on our translation platform

Configure LDAP

LDAP is a protocol for providing directory services. It acts as a central authority for user login information. Funkwhale supports LDAP through the Django LDAP authentication module.

Important

LDAP users can’t change their password in the app.

Dependencies

LDAP support requires extra dependencies. We include these in our requirements files to make it easier to set up. If you aren’t using LDAP, you can safely remove these.

Environment variables

You can configure LDAP authentication using environment variables in your .env file.

Basic features

LDAP_ENABLED: Boolean: Set this to True to enable LDAP support

LDAP_SERVER_URI: URI = ldap://my.host:389: The LDAP URI of your authentication server.

LDAP_BIND_DN: String = cn=admin,dc=domain,dc=com: LDAP user DN to bind on so you can perform searches.

LDAP_BIND_PASSWORD: String = bindpassword: LDAP user password for bind DN.

LDAP_SEARCH_FILTER: String = (|(cn={0})(mail={0})): The LDAP user filter, using {0} as the username placeholder. Uses standard LDAP search syntax.

LDAP_START_TLS: Boolean = False: Set to True to enable LDAP StartTLS support.

LDAP_ROOT_DN: String = dc=domain,dc=com: The LDAP search root DN. Supports several entries in a comma-delimited list.

LDAP_USER_ATTR_MAP: String = first_name:givenName, last_name:sn, username:cn, email:mail: A mapping of Django user attributes to LDAP values.

AUTH_LDAP_BIND_AS_AUTHENTICATING_USER: Boolean = False: Controls whether to use direct binding.

Group features

LDAP provides extra features for working with groups. Group configuration is an advanced feature. Most users don’t need to configure these settings.