Skip to main content

LDAP Authentication

πŸ’°SUBSCRIPTION

This feature is available in the Enterprise plans.

LDAP authentication is a method of authenticating users against an LDAP server. It allows users to manage accounts and permissions centrally, making it easier to control access to resources.

Configuration Guide​

LDAP Configuration
  • Host: LDAP server address, formatted as ldap.example.com
  • Port: The port number for the LDAP server, typically 389 for LDAP and 636 for LDAPS.
  • Bind DN: The LDAP User is used to manage LDAP authentication and collect LDAP user data;
    • e.g., cn=admin,ou=people,dc=example,dc=app
  • Bind Password: Bind DN user password.
  • Base DN: The LDAP Group which is permitted to login to Tabby;
    • e.g., ou=people,dc=ikw,dc=app
  • User Filter: The expr to match ldap username, please use %s as a placeholder for the username;
    • e.g., (uid=%s), (&(uid=%s)(objectClass=inetOrgPerson))
  • Encryption: one of the following
    • NONE
    • StartTLS
    • LDAPS
  • User information mapping: The LDAP attribute used to map to the Tabby User attribute.
    • Email: The attribute used to represent the email address on the LDAP server. e.g., mail
    • Name: The attribute used to represent the name on the LDAP server. e.g., cn

Login Page​

LDAP Signin
  • Username: The username on LDAP server, typically the prefix of the email address.
  • Password: The user password on LDAP server.

Others​

LDAP users can not change user attributes​

LDAP User

LDAP users can not change the following attributes on Tabby:

  • Name
  • Email
  • Password

Only support one LDAP Configuration​

Tabby only supports one LDAP configuration at a time.

LDAP and OAuth can exist simultaneously​

LDAP with OAuth