LDAP Synchronization

Pocket ID can sync users and groups from an LDAP Source (lldap, OpenLDAP, Active Directory, etc.).

LDAP Sync

  • The LDAP Service will sync on Pocket ID startup and every hour once enabled from the Web UI.
  • Users or groups synced from LDAP can NOT be edited from the Pocket ID Web UI.

Generic LDAP Setup

  1. Follow the installation guide here.
  2. Once you have signed in with the initial admin account, navigate to the Application Configuration section at https://pocket.id/settings/admin/application-configuration.
  3. Client Configuration Setup
| LDAP Variable | Example Value | Description |
|---|---|---|
| LDAP URL | ldaps://ldap.mydomain.com:636 | The URL with port to connect to LDAP |
| LDAP Bind DN | cn=admin,ou=users,dc=domain,dc=com | The full DN value for the user with search privileges in LDAP |
| LDAP Bind Password | securepassword | The password for the Bind DN account |
| LDAP Search Base | dc=domain,dc=com | The top-level path to search for users and groups |
| User Search Filter | (objectClass=person) | The filter to use to search for users from LDAP |
| User Group Search Filter | (objectClass=groupOfNames) | The filter to use to search for groups from LDAP |

  4. LDAP Attribute Configuration Setup

| LDAP Variable | Example Value | Description |
|---|---|---|
| User Unique Identifier Attribute | uuid | The LDAP attribute to uniquely identify the user; this should never change |
| Username Attribute | uid | The LDAP attribute to use as the username of users |
| User Mail Attribute | mail | The LDAP attribute to use for the email of users |
| User First Name Attribute | givenName | The LDAP attribute to use for the first name of users |
| User Last Name Attribute | sn | The LDAP attribute to use for the last name of users |
| Group Members Attribute | member | The LDAP attribute to use for querying members of a group |
| Group Unique Identifier Attribute | uuid | The LDAP attribute to uniquely identify the groups; this should never change |
| Group Name Attribute | uid | The LDAP attribute to use as the name of synced groups |
| Admin Group Name | _pocket_id_admins | The group name to use for admin permissions for LDAP users |
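
A pre-flight check for the values in the two tables above, as an added example (not Pocket ID code). The dict keyed by setting label, the function names and the choice of checks are assumptions of this example.

```python
from urllib.parse import urlparse

def filter_ok(f):
    """True if f is one parenthesised filter with balanced brackets (RFC 4515 shape)."""
    depth = 0
    for i, ch in enumerate(f):
        depth += (ch == "(") - (ch == ")")
        if depth < 0 or (depth == 0 and i != len(f) - 1):
            return False  # stray ')' or text outside the outer brackets
    return depth == 0 and f.startswith("(")

def check_settings(cfg):
    """Return a list of findings for a dict keyed by the setting labels above."""
    out = []
    if urlparse(cfg["LDAP URL"]).scheme != "ldaps":
        out.append("LDAP URL: not ldaps://, so the bind is not guaranteed to run over TLS")
    if cfg["LDAP Bind Password"] in ("", "securepassword"):
        # An empty password turns a simple bind into an unauthenticated bind (RFC 4513).
        out.append("LDAP Bind Password: empty or still the documentation placeholder")
    for key in ("User Search Filter", "User Group Search Filter"):
        if not filter_ok(cfg[key]):
            out.append(key + ": not a single balanced (...) filter")
    # Assumption: username, mail and group name can be renamed, so they are poor stable IDs.
    renameable = {cfg["Username Attribute"].lower(), cfg["User Mail Attribute"].lower()}
    if cfg["User Unique Identifier Attribute"].lower() in renameable:
        out.append("User Unique Identifier Attribute: reuses a renameable attribute")
    if cfg["Group Unique Identifier Attribute"].lower() == cfg["Group Name Attribute"].lower():
        out.append("Group Unique Identifier Attribute: same as Group Name Attribute")
    return out

# Values copied from the example tables on this page.
DOC_EXAMPLE = {
    "LDAP URL": "ldaps://ldap.mydomain.com:636",
    "LDAP Bind Password": "securepassword",
    "User Search Filter": "(objectClass=person)",
    "User Group Search Filter": "(objectClass=groupOfNames)",
    "User Unique Identifier Attribute": "uuid",
    "Username Attribute": "uid",
    "User Mail Attribute": "mail",
    "Group Unique Identifier Attribute": "uuid",
    "Group Name Attribute": "uid",
}
# Constructed weak variant: plaintext URL, unclosed filter, username reused as the unique ID.
WEAK = dict(DOC_EXAMPLE, **{"LDAP URL": "ldap://ldap.mydomain.com",
    "User Search Filter": "(&(objectClass=person)(uid=*)",
    "User Unique Identifier Attribute": "uid"})

if __name__ == "__main__":
    for name, cfg in (("doc example", DOC_EXAMPLE), ("weak variant", WEAK)):
        print(name, check_settings(cfg))
```

Run against the page's example values, the only finding is the placeholder bind password; the weak variant adds the URL, filter and identifier findings.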