Self-hosting Apidog
  1. Authentication Providers
Self-hosting Apidog
  • Overview
  • Introduction
    • Obtaining Apidog On-Premises License
    • System Requirements
    • Data Privacy & Compliance
  • Deployment
    • Running Apidog on Docker
    • Running Apidog on Kubernetes
    • Running Apidog Multi-Container Deployment without Kubernetes
  • Post Deployment
    • Accessing Apidog Admin Panel
    • Accessing Apidog Web Interface
    • Installing Apidog On-Premises Client
  • Configurations
    • Environment Variables
    • Database Configuration
    • Storage Services Configuration
    • Git Connection Configuration
    • Authentication Providers
      • Using LDAP for Authentication
      • Using OKTA for Authentication
      • Using OAuth2.0 for Authentication
  • Maintenance & Upgrades
    • Updating Apidog
    • Backing up Apidog
    • License Renewal
    • System Design Flow
  • Troubleshooting
    • Troubleshooting
    • FAQ
  • Apidog API (coming soon)
  1. Authentication Providers

Using LDAP for Authentication

Environment VariableDescriptionDefault ValueOther
LDAP_ENABLEWhether to enable LDAP login serviceSet to true to enable
LDAP_URLThe address of the LDAP service in the format ldap://ip:port. For example, ldap://127.0.0.1:389Required when LDAP is enabled
LDAP_BIND_USERThe account used to connect to LDAP. For example, cn=admin,dc=example,dc=orgRequired when LDAP is enabled
LDAP_BIND_PASSWORDThe password used to connect to LDAP. When anonymous access is disabled in LDAP, the administrator account and password must be configuredRequired when LDAP is enabled
LDAP_BASE_DNLDAP Base DN, the Base Dn used for LDAP username retrieval. For example, dc=example,dc=orgRequired when LDAP is enabled
LDAP_USER_ID_ATTRDefault is dn, based on the standard openldap LDAP service, which has a unique dn field used as the unique id for ldap user attributes; if there is a username or email, you can also configure the username (name) or email (mail)dnRequired when LDAP is enabled, if there is an email field, it is recommended to use mail first
LDAP_LOGIN_TITLEDefault is LDAP Login, the form name on the login pageLDAP LoginOptional
LDAP_USERNAME_ATTRUsed for username login, search, and display. It is recommended to keep it unique. If it appears duplicated, a random number will be added after the username. By default, it will take the uid field of openldap's standard LDAP serviceuidOptional
LDAP_USER_EMAIL_ATTREmail field used for login and search. By default, it will take the mail attribute of openldap's standard LDAP service. Private users can choose not to configure mail, and using username login will not be affectedmailOptional
LDAP_EMPLOYEE_NUMBER_ATTRMapping field for employee number, can be used for searchOptional
LDAP_SEARCH_FILTERSearch filter for ldap serviceOptional

Configuration Example#

- name: LDAP_ENABLE
  value: 'true'
- name: LDAP_URL
  value: >-
    ldap://192.168.10.64:389
- name: LDAP_BIND_USER
  value: >-
    CN=Administrators,CN=Users,DC=apidog,DC=com
- name: LDAP_BIND_PASSWORD
  value: <secret>
- name: LDAP_BASE_DN
  value: DC=apidog,DC=com
- name: LDAP_LOGIN_TITLE
  value: Continue with LDAP
- name: LDAP_USER_ID_ATTR
  value: sAMAccountName
- name: LDAP_USERNAME_ATTR
  value: sAMAccountName
- name: LDAP_EMPLOYEE_NUMBER_ATTR
  value: uidNumber
- name: LDAP_USER_EMAIL_ATTR
  value: mail
- name: LDAP_SEARCH_FILTER
  value: '(&(sAMAccountName={{username}}))'

FAQs on LDAP Authentication#

1.
If you are using Active Directory (Microsoft AD Server Edition), it is recommended to configure the following search filter:
LDAP_SEARCH_FILTER='(&(sAMAccountName={{username}}))'
2.
If you're using Active Directory synchronization mode, consider switching to a different domain controller for improved performance and reliability.
3.
To restrict login to members of a specific group in LDAP, configure the search filter as follows:
LDAP_SEARCH_FILTER='(&(sAMAccountName={{username}})(memberOf=......))',
For-example:
Modified at 2025-12-08 05:03:55
Previous
Git Connection Configuration
Next
Using OKTA for Authentication
Built with