Active Directory and LDAP Configuration

  • Home
  • Docs
  • Active Directory and LDAP Configuration

Active Directory and LDAP Configuration

To prevent LDAP injection attacks, usernames are strictly sanitized. Permitted characters: alphanumerics, underscore(_), period(.), plus(+), and minus(-). You can override these allowed characters in base_config.cfg.


The hostname for your Active Directory or LDAP server. This field supports values such as,, and ldaps:// [:636].

For TLS operation (strongly advised), preface the hostname with ldaps://. Example for insecure LDAP: ldap://hostname:389.


A non-administrative user to check disabled or locked out status on other users. Only read-only (or self-only, standard user) privileges are needed. This field autodetects usernames in the following formats:

  • email: [email protected]
  • a single username in the base DN: username
  • LDAP distinguished name (DN) such as: CN=username, DC=corp, DC=example, DC=com

Note: If this field is set incorrectly, Userify will be unable to lock out, delete, or disable accounts when these actions occur in Active Directory.

This user should be just a standard user account, since most Active Directory configurations allow users to browse other user accounts as read-only. Set this account to never disable or need password changes.

Note: LDAP servers currently do not have a standard for disabled/locked out users, so detection of disabled or locked-out users currently is only utilized on Active Directory.

LDAP Password

The password for the non-admin user specified in ldap_email. A long, highly random password is recommended. All characters are permitted.


For Active Directory, provide the domain name/realm (ie that users exist in. For more control or LDAP installations, use a full LDAP Base DN.

As with LDAP User, if commas are detected, this is treated as a raw base DN; otherwise, it is appended to usernames to create fully distinguished AD usernames (ie [email protected]) if a simple username is provided.

Get More Information

Please fill out the form below to receive more information about Userify Express and Enterprise.