The LDAP URL of the directory service in the format ldap://host:port/DN or ldaps://host:port/DN.
Example: ldaps://ldap.company.com/ou=people,dc=company,dc=com

The DN of the account that authenticates and queries the directory service

The query used to bind with the directory service.
Use {% raw %}{{username}}{% endraw %} to reference the username entered in the login page.
Example: uid={% raw %}{{username}}{% endraw %},dc=domain,dc=com

The password for the Bind DN account.

The password that is entered in the login page will be used to bind.

The query used to locate the authenticated user.
Use {% raw %}{{username}}{% endraw %} to reference the username entered in the login page.
If empty, the filter (uid={% raw %}{{username}}{% endraw %}) is used.

Example to match with 'uid' or 'mail': (|(uid={% raw %}{{username}}{% endraw %})(mail={% raw %}{{username}}{% endraw %}))

Specification of mappings when creating new users

The base DN from which to search for groups. If defined, also Group Search Filter must be defined for the search to work.
Example: ou=groups,dc=domain,dc=com

The query used to filter for groups.
Use {% raw %}{{dn}}{% endraw %} to have it replaced of the found user object.

Example: (&(cn=group1)(memberUid={% raw %}{{dn}}{% endraw %})) hits the groups which has cn=group1 and memberUid includes the user's uid (when Group DN Property is not changed from the default value.)

The property of user object to use in {% raw %}{{dn}}{% endraw %} interpolation of Group Search Filter.