# Configure LDAP service

LDAP is a tree-structured database used to store user and organization information. It is often used for single sign-on and for managing organizational structure.

# What is LDAP?

LDAP stands for Lightweight Directory Access Protocol. You can think of it as a tree-structured database used to store user and organization information, and it is often used for single sign-on (SSO). For more background, see [this page](https://baike.baidu.com/item/LDAP/2875565).

To use the LDAP service, first create an OAuth application or [create an OIDC application](../oidc/create-oidc.md#chuang-jian-oidc-ying-yong).

After creation, the LDAP service is available to all OAuth or OIDC applications.

We have prepared an LDAP test application that lets you try the whole process of logging in with LDAP (test account: admin, test password: admin).

LDAP test application

If you want to access the LDAP service, please follow the steps below to complete the LDAP configuration.

# Add LDAP service

Add LDAP service

Add LDAP service page

# Fill in relevant information

Fill in the relevant information in the pop-up dialog box. If you are not sure what to enter, click "Click here" in the upper right corner to fill in the test configuration.

LDAP service information test

Use the LDAP service information we provide

# Parameter explanation

  1. LDAP alias, required: a custom name for this LDAP service.
  2. LDAP link, required: the address of the LDAP server, for example `ldap://dc.fabrikam.com`.
  3. Base DN, required: the account used to connect (bind) to LDAP. This account is used for the connectivity test and for searching users and user groups.
  4. Password, required: the password of the account used to connect to LDAP. It is encrypted before being stored in the database.
  5. Binding endpoint, required: the directory subtree from which searches start, for example `dc=fabrikam,dc=local`.
  6. Query conditions, required: the attribute used to look up users. If this is `mail`, users are looked up by their mailbox. Note that this must match the attribute name actually stored in the LDAP database: if user mailboxes are stored in an attribute called `email`, change it to `email` here.

# Connectivity test

The connectivity test helps you check whether the parameters are filled in correctly. If you filled in the "test configuration" and then click "Connectivity test" on the page, you should see the following result:

Connectivity test

You can use this test to try different Base DN and password values.

# Verify user

Verifying a user helps you check whether the query condition is correct. If the query condition is wrong, an error stating that the user cannot be found is returned.

In the test configuration, the user name is admin, the password is admin, and the query condition is cn; these are the default account and credentials provided by the openLDAP test server. After clicking "Verify user", you should see the following result:

Authenticate user

If the query condition is changed from cn to cnn, the following result is returned instead:

Query condition test

In this way, you can debug the LDAP configuration by adjusting the binding endpoint and the query condition.
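The two checks above (connectivity test, then verify user) amount to a bind with the service account, a search under the binding endpoint for `(<query condition>=<user name>)`, and a second bind as the matched entry. The following added example, which is not part of this page's product, reproduces that flow against a constructed in-memory directory so it runs offline; it also escapes the user name per RFC 4515 so user input cannot change the shape of the search filter, and shows why a mistyped query condition such as `cnn` yields "user not found".

```python
import re

# Constructed in-memory directory standing in for the openLDAP test server.
DIRECTORY = {
    "cn=admin,dc=fabrikam,dc=local": {"cn": "admin", "mail": "admin@fabrikam.com", "userPassword": "admin"},
    "cn=alice,dc=fabrikam,dc=local": {"cn": "alice", "mail": "alice@fabrikam.com", "userPassword": "s3cret"},
}
# Service account used for the connectivity test (the page's "Base DN" + "Password").
SERVICE_DN, SERVICE_PW = "cn=admin,dc=fabrikam,dc=local", "admin"

ATTR_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*$")  # RFC 4512 attribute description syntax
_ESCAPE = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_filter_value(value):
    """RFC 4515 escaping: a user name must never alter the filter structure."""
    return "".join(_ESCAPE.get(c, c) for c in value)

def build_user_filter(query_attr, username):
    """Build (attr=value) from the configured query condition and the login name."""
    if not ATTR_RE.match(query_attr):
        raise ValueError(f"invalid query condition: {query_attr!r}")
    return f"({query_attr}={escape_filter_value(username)})"

def bind(dn, password):
    """Simple bind: succeeds only if the DN exists and the password matches."""
    entry = DIRECTORY.get(dn)
    return entry is not None and entry["userPassword"] == password

def search(base_dn, ldap_filter):
    """Subtree search under base_dn for one equality filter such as (cn=admin)."""
    m = re.fullmatch(r"\(([A-Za-z][A-Za-z0-9-]*)=(.*)\)", ldap_filter)
    if not m:
        raise ValueError("unsupported filter")
    attr = m.group(1)
    value = re.sub(r"\\([0-9a-fA-F]{2})", lambda h: chr(int(h.group(1), 16)), m.group(2))
    return [dn for dn, e in DIRECTORY.items() if dn.endswith(base_dn) and e.get(attr) == value]

def verify_user(base_dn, query_attr, username, password):
    """Connectivity test, then verify user, in the order the configuration page does them."""
    if not bind(SERVICE_DN, SERVICE_PW):
        return "connectivity test failed"
    matches = search(base_dn, build_user_filter(query_attr, username))
    if len(matches) != 1:
        return "user not found" if not matches else "ambiguous user"
    return "ok" if bind(matches[0], password) else "wrong password"
```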

After the configuration is complete, access any OAuth application or OIDC application to log in with an LDAP account.

We have prepared an LDAP test application that lets you try the whole process of logging in with LDAP:

Test account: admin

Test password: admin