Skip to main content
POST
/
api
/
v1
/
ldap
/
config
cURL
curl --request POST \
  --url https://us.infisical.com/api/v1/ldap/config \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '{
  "organizationId": "<string>",
  "isActive": true,
  "url": "<string>",
  "bindDN": "<string>",
  "bindPass": "<string>",
  "uniqueUserAttribute": "uidNumber",
  "searchBase": "<string>",
  "searchFilter": "(uid={{username}})",
  "groupSearchBase": "<string>",
  "groupSearchFilter": "(|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))",
  "caCert": ""
}'
{
  "updatedAt": "2023-11-07T05:31:56Z",
  "createdAt": "2023-11-07T05:31:56Z",
  "isActive": true,
  "orgId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "url": "<string>",
  "searchBase": "<string>",
  "searchFilter": "",
  "groupSearchBase": "",
  "uniqueUserAttribute": "",
  "groupSearchFilter": ""
}

Authorizations

Authorization
string
header
required

An access token in Infisical

Body

application/json
organizationId
string
required

The ID of the organization to create the LDAP config for.

isActive
boolean
required

Whether to enable or disable this LDAP configuration.

url
string
required

The LDAP server to connect to such as ldap://ldap.your-org.com, ldaps://ldap.myorg.com:636 (for connection over SSL/TLS), etc.

bindDN
string
required

The distinguished name of the object to bind when performing the user search such as cn=infisical,ou=Users,dc=acme,dc=com

bindPass
string
required

The password to use along with Bind DN when performing the user search.

searchBase
string
required

The base DN to use for the user search such as ou=Users,dc=acme,dc=com

groupSearchBase
string
required

LDAP search base to use for group membership search such as ou=Groups,dc=acme,dc=com

uniqueUserAttribute
string
default:uidNumber

The attribute to use as the unique identifier of LDAP users such as sAMAccountName, cn, uid, objectGUID. If left blank, defaults to uidNumber

searchFilter
string
default:(uid={{username}})

The template used to construct the LDAP user search filter such as (uid={{username}}) uses literal {{username}} to have the given username used in the search. The default is (uid={{username}}) which is compatible with several common directory schemas.

groupSearchFilter
string
default:(|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))

The template used when constructing the group membership query such as (&(objectClass=posixGroup)(memberUid={{.Username}})). The template can access the following context variables: [UserDN, UserName]. The default is (|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}})) which is compatible with several common directory schemas.

caCert
string
default:""

The CA certificate to use when verifying the LDAP server certificate.

Response

Default Response

updatedAt
string<date-time>
required
createdAt
string<date-time>
required
isActive
boolean
required
orgId
string<uuid>
required
id
string<uuid>
required
url
string
required
searchBase
string
required
searchFilter
string
default:""
groupSearchBase
string
default:""
uniqueUserAttribute
string
default:""
groupSearchFilter
string
default:""