LDAP

new LDAP(options, authData)

Parse Server Configuration

To configure Parse Server for LDAP authentication, use the following structure:

{
  auth: {
    ldap: {
      url: 'ldaps://ldap.example.com',
      suffix: 'ou=users,dc=example,dc=com',
      groupCn: 'admins',
      groupFilter: '(memberUid={{id}})',
      tlsOptions: {
        rejectUnauthorized: false
      }
    }
  }
}

Authentication Process

  1. Validates the provided authData using an LDAP bind operation.
  2. Optionally, verifies that the user belongs to a specific group by performing an LDAP search using the provided groupCn or groupFilter.

Auth Payload

The adapter requires the following authData fields:

  • id: The user's LDAP username.
  • password: The user's LDAP password.

Example Auth Payload

{
  "ldap": {
    "id": "jdoe",
    "password": "password123"
  }
}
Parameters:
NameTypeDescription
optionsObject

The adapter configuration options.

Properties
NameTypeAttributesDescription
urlString

The LDAP server URL. Must start with ldap:// or ldaps://.

suffixString

The LDAP suffix for user distinguished names (DN).

dnString<optional>

The distinguished name (DN) template for user authentication. Replace {{id}} with the username.

tlsOptionsObject<optional>

Options for LDAPS TLS connections.

groupCnString<optional>

The common name (CN) of the group to verify user membership.

groupFilterString<optional>

The LDAP search filter for groups, with {{id}} replaced by the username.

authDataObject

The authentication data provided by the client.

Properties
NameTypeDescription
idString

The user's LDAP username.

passwordString

The user's LDAP password.

See
Example

Configuration Example

// Example Parse Server configuration:
const config = {
  auth: {
    ldap: {
      url: 'ldaps://ldap.example.com',
      suffix: 'ou=users,dc=example,dc=com',
      groupCn: 'admins',
      groupFilter: '(memberUid={{id}})',
      tlsOptions: {
        rejectUnauthorized: false
      }
    }
  }
};