Learn how to log in to Infisical with LDAP.
Prepare the LDAP configuration in Infisical
ldap://ldap.your-org.com, ldaps://ldap.myorg.com:636 (for connection over SSL/TLS), etc.
cn=infisical,ou=Users,dc=acme,dc=com.
Bind DN when performing the user search.
ou=Users,dc=acme,dc=com
ou=Groups,dc=acme,dc=com.
(objectClass=posixGroup).
The template can access the following context variables: [UserDN, UserUID, UserName]. The default is (|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}})) which is compatible with several common directory schemas.
Define mappings from LDAP groups to groups in Infisical
Engineers to the Infisical group Engineers when the user sets up their account with Infisical.
In this case, you would specify a mapping from the LDAP group with CN Engineers to the Infisical group Engineers.
Now when the user logs into Infisical via LDAP, Infisical will check the LDAP groups that the user is a part of whilst referencing the group mappings you created earlier. Since the user is a member of the LDAP group with CN Engineers, they will be added to the Infisical group Engineers.
In the future, if the user is no longer part of the LDAP group with CN Engineers, they will be removed from the Infisical group Engineers upon their next login.
Enable LDAP in Infisical
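The group search filter template and the group mapping behaviour described above can be modelled as follows. This is an added example, not Infisical's own code: the function names, the mapping field names and the sample user are assumptions, and the RFC 4515 escaping of substituted values is included here as the check a custom filter template should be tested against.

```javascript
// Added example; function and field names are hypothetical.
const DEFAULT_FILTER =
  "(|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))";

// RFC 4515: characters that must be escaped inside a filter assertion value.
const FILTER_ESCAPES = { "\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\0": "\\00" };

function escapeFilterValue(value) {
  return String(value).replace(/[\\*()\0]/g, (ch) => FILTER_ESCAPES[ch]);
}

// Replace each {{.Name}} placeholder with the escaped context value.
function renderGroupFilter(template, context) {
  return template.replace(/\{\{\s*\.(\w+)\s*\}\}/g, (_, name) => {
    if (!Object.prototype.hasOwnProperty.call(context, name)) {
      throw new Error(`unknown template variable: ${name}`);
    }
    return escapeFilterValue(context[name]);
  });
}

// Compute membership changes for one login from the LDAP group CNs returned
// by the group search. Assumption: only groups that appear in a mapping are
// ever removed; groups assigned some other way are left alone.
function syncGroups(ldapGroupCns, mappings, currentGroups) {
  const cns = new Set(ldapGroupCns);
  const managed = new Set(mappings.map((m) => m.infisicalGroup));
  const entitled = new Set(
    mappings.filter((m) => cns.has(m.ldapGroupCn)).map((m) => m.infisicalGroup)
  );
  return {
    add: [...entitled].filter((g) => !currentGroups.includes(g)),
    remove: currentGroups.filter((g) => managed.has(g) && !entitled.has(g)),
  };
}

// Constructed sample data.
const mappings = [{ ldapGroupCn: "Engineers", infisicalGroup: "Engineers" }];
const user = { Username: "jdoe", UserDN: "uid=jdoe,ou=Users,dc=acme,dc=com" };
console.log(renderGroupFilter(DEFAULT_FILTER, user));
console.log(syncGroups(["Engineers"], mappings, []));
console.log(syncGroups([], mappings, ["Engineers"]));
```

A username containing `*` or `)` is rendered as `\2a` or `\29`, so the filter keeps the structure the template defines.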