Using OpenLDAP with Authentik
Learn how to set the configuration settings so that Authentik will use your OpenLDAP service for user information and authentication
Updated at January 28th, 2026
Table of Contents
Authentik is an open-source, self-hosted Identity Provider (IdP) and Single Sign-On (SSO) platform designed to secure, manage, and authenticate users across applications. It functions as a flexible alternative to solutions like Okta or Azure AD, supporting protocols such as OAuth2, SAML, LDAP, and SCIM. Key features include multi-factor authentication (MFA), user lifecycle management, and a proxy for securing non-native apps.
Use the following configuration settings. Make sure you replace “dc=example,dc=com” with the root DN for your OpenLDAP service.
Additional information for setting up Authentik with OpenLDAP may be found here:
https://docs.goauthentik.io/add-secure-apps/providers/ldap
Name
ldapSlug
ldapConnection settings
Server URI
ldap://<server fully-qualified-domain-name or IP address>:389TLS Verification Certificate
---------Bind CN
The Bind CN item is the distinguished name (DN) of the administrative user you will use to login (authenticate) to the OpenLDAP server for Authentik to do its work.
uid=admin,ou=people,dc=example,dc=comBind Password
The Bind Password is the password for the admin account.
ADMIN_PASSWORDBase DN
Remember, this must be the base DN for the OpenLDAP directory. It should look something like:
dc=example,dc=comLDAP Attribute mapping
User Property Mappings
Group Property Mappings
Additional settings
Group
---------User path
LDAP/usersAddition User DN
ou=peopleAddition Group DN
ou=groupsUser object filter
(objectClass=person)Group object filter
(objectClass=groupOfUniqueNames)Group membership field
memberObject uniqueness field
uid