📝 docs: LDAP/AD authentication

2026-03-27 10:48:32 +07:00 · 2024-05-25 02:32:34 -07:00
parent b7988ed811
commit c33239f7d1
2 changed files with 70 additions and 0 deletions
--- a/pages/docs/configuration/authentication/ldap.mdx
+++ b/pages/docs/configuration/authentication/ldap.mdx
@@ -0,0 +1,45 @@
+---
+title: LDAP/AD
+description: Learn how to configure LibreChat to use LDAP for user authentication.
+---
+
+# LDAP/AD Server Authentication
+
+You can use a Lightweight Directory Access Protocol (LDAP) authentication server to authenticate users.
+
+## LDAP/AD Server Configuration
+
+**Basic Configuration**
+
+- `LDAP_URL`, `LDAP_BIND_DN`, and `LDAP_USER_SEARCH_BASE` are required.
+- `LDAP_SEARCH_FILTER` is optional; if not specified, the `mail` attribute is used by default. If specified, use the literal `{{username}}` to use the given username for the search.
+
+<OptionTable
+  options={[
+    ['LDAP_URL', 'string', 'LDAP server URL.', 'LDAP_URL=ldap://localhost:389'],
+    ['LDAP_BIND_DN', 'string', 'Bind DN', 'LDAP_BIND_DN=cn=root'],
+    ['LDAP_BIND_CREDENTIALS', 'string', 'Password for bindDN', 'LDAP_BIND_CREDENTIALS=password'],
+    [
+      'LDAP_USER_SEARCH_BASE',
+      'string',
+      'LDAP user search base',
+      'LDAP_USER_SEARCH_BASE=o=users,o=example.com',
+    ],
+    ['LDAP_SEARCH_FILTER', 'string', 'LDAP search filter', 'LDAP_SEARCH_FILTER=mail={{username}}'],
+  ]}
+/>
+
+**Active Directory over SSL**
+
+To connect via SSL (ldaps://), such as a company using Windows AD, specify the path to the internal CA certificate.
+
+<OptionTable
+  options={[
+    [
+      'LDAP_CA_CERT_PATH',
+      'string',
+      'CA certificate path.',
+      'LDAP_CA_CERT_PATH=/path/to/root_ca_cert.crt',
+    ],
+  ]}
+/>
--- a/pages/docs/configuration/dotenv.mdx
+++ b/pages/docs/configuration/dotenv.mdx
@@ -777,6 +777,31 @@ For more information:
  ]}
 />

+#### [LDAP/AD Authentication](/docs/configuration/authentication/ldap)
+
+For more information: **[LDAP/AD Authentication](/docs/configuration/authentication/ldap)**
+
+<OptionTable
+  options={[
+    ['LDAP_URL', 'string', 'LDAP server URL.', 'LDAP_URL=ldap://localhost:389'],
+    ['LDAP_BIND_DN', 'string', 'Bind DN', 'LDAP_BIND_DN=cn=root'],
+    ['LDAP_BIND_CREDENTIALS', 'string', 'Password for bindDN', 'LDAP_BIND_CREDENTIALS=password'],
+    [
+      'LDAP_USER_SEARCH_BASE',
+      'string',
+      'LDAP user search base',
+      'LDAP_USER_SEARCH_BASE=o=users,o=example.com',
+    ],
+    ['LDAP_SEARCH_FILTER', 'string', 'LDAP search filter', 'LDAP_SEARCH_FILTER=mail={{username}}'],
+    [
+      'LDAP_CA_CERT_PATH',
+      'string',
+      'CA certificate path.',
+      'LDAP_CA_CERT_PATH=/path/to/root_ca_cert.crt',
+    ],
+  ]}
+/>
+
 ### Email Password Reset

 Email is used for password reset. See: **[Email Password Reset](/docs/configuration/authentication/password_reset)**