== link:index.html[Index] -> link:modules.html[Modules] -> link:modules_validators.html[Validators]

Validator: LDAP
~~~~~~~~~~~~~~~

The LDAP validator allows you to authenticate a user using the
Lightweight Directory Access Protocol v3.

[[parameters]]
Parameters
^^^^^^^^^^

[cols="20%,80%",options="header"]
|====================================================================
|Parameter   |Description
|__server__  |Name of the host providing the LDAP service.
|__port__    |Optional. Port number of the LDAP service.
              Default: __389__.
|__binddn__  |Optional. Bind Distinguished Name (`user`). If none
              is provided an anonymous bind will be attempted.
|__bindpw__  |Bind Password (`password`).
|__basedn__  |Base Distinguished Name.
|__filter__  |A filter that defines the conditions that must be
              fulfilled in order for the search to match a given
              entry. Use `${user}` in a filter as a substitution to
              match the identifier inputted by a user accessing the
              resource. The filter must resolve to a single user object.
              For LDAP filter syntax, refer to RFC 2254.
|__tls__     |Optional. Enable the use of TLS based integrity.
              Defaults to __0__.
|__ca_file__ |Optional. It's the CA filename. Must be provided
              if TLS is enabled.
|===================================================================


[[compatibility]]
Compatibility
^^^^^^^^^^^^^

This validator is compatible with the **basic** scheme.

[[notes]]
Notes
^^^^^
The server address can be specified as an IP address or a hostname.

Base DN, also known as search base, identifies the part of the
directory tree you want to manage.

Bind DN is the user name.

To select any user from LDAP as part of the `filter`, specify
`(uid=${user})`, where `uid` is the attribute that serves as your LDAP
user identifier.