
LDAP Authentication

website/docs/administration/sso/ldap/index.mdx



:::subscription
This feature is available in the Enterprise plans.
:::

LDAP authentication is a method of authenticating users against an LDAP server. It allows accounts and permissions to be managed centrally, making it easier to control access to resources.

Configuration Guide

  • Host: LDAP server address, formatted as ldap.example.com
  • Port: The port number for the LDAP server, typically 389 for LDAP and 636 for LDAPS.
  • Bind DN: The LDAP user used to manage LDAP authentication and collect LDAP user data;
    • e.g., cn=admin,ou=people,dc=example,dc=app
  • Bind Password: The password of the Bind DN user.
  • Base DN: The LDAP group that is permitted to log in to Tabby;
    • e.g., ou=people,dc=ikw,dc=app
  • User Filter: The expression used to match the LDAP username; use %s as a placeholder for the username;
    • e.g., (uid=%s), (&(uid=%s)(objectClass=inetOrgPerson))
  • Encryption: One of the following:
    • NONE
    • StartTLS
    • LDAPS
  • User information mapping: The LDAP attribute used to map to the Tabby User attribute.
    • Email: The attribute used to represent the email address on the LDAP server. e.g., mail
    • Name: The attribute used to represent the name on the LDAP server. e.g., cn
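
The following is an added example, not part of the Tabby documentation and not Tabby's code. It checks a set of the fields above and shows how a User Filter template expands with an RFC 4515-escaped username, which helps when testing a filter against the directory before saving it. The dictionary keys, function names and sample values are assumptions made for the example; how Tabby itself substitutes %s is not described on this page.

```python
# Added example, not Tabby's code. Keys mirror the form labels; values are constructed.
TYPICAL_PORT = {"NONE": 389, "StartTLS": 389, "LDAPS": 636}

# RFC 4515: characters that must be escaped inside a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Make a login name a literal, so it cannot alter the filter's structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def render_user_filter(template, username):
    """Expand every %s in the User Filter with the escaped username (assumed behaviour)."""
    if "%s" not in template:
        raise ValueError("User Filter must contain the %s placeholder")
    return template.replace("%s", escape_filter_value(username))


def check_config(cfg):
    """Return human-readable findings for a settings dict; an empty list means none."""
    findings = []
    enc = cfg.get("encryption")
    if enc not in TYPICAL_PORT:
        findings.append("encryption must be NONE, StartTLS or LDAPS")
    elif enc == "NONE":
        findings.append("encryption NONE sends bind and user passwords in cleartext")
    elif cfg.get("port") != TYPICAL_PORT[enc]:
        findings.append(f"port {cfg.get('port')} is not the typical port for {enc}")
    flt = cfg.get("user_filter", "")
    if "%s" not in flt:
        findings.append("user filter lacks the %s placeholder")
    if not flt.startswith("(") or flt.count("(") != flt.count(")"):
        findings.append("user filter parentheses are unbalanced")
    return findings


SAMPLE = {  # constructed values, reusing the examples from the guide
    "host": "ldap.example.com", "port": 636, "encryption": "LDAPS",
    "bind_dn": "cn=admin,ou=people,dc=example,dc=app",
    "base_dn": "ou=people,dc=example,dc=app",
    "user_filter": "(&(uid=%s)(objectClass=inetOrgPerson))",
}

if __name__ == "__main__":
    print(check_config(SAMPLE) or "no findings")
    print(render_user_filter(SAMPLE["user_filter"], "alice"))
    print(render_user_filter("(uid=%s)", "*"))  # wildcard is matched literally
```

The port check only compares against the typical ports named in the guide; a directory listening on a non-standard port will produce a finding that can be ignored.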

Login Page

  • Username: The username on the LDAP server, typically the prefix of the email address.
  • Password: The user's password on the LDAP server.

Others

LDAP users cannot change user attributes

LDAP users cannot change the following attributes on Tabby:

  • Name
  • Email
  • Password

Only one LDAP configuration is supported

Tabby only supports one LDAP configuration at a time.

LDAP and OAuth can exist simultaneously