WebsiteCommunityDeveloperFree Trial
Search…
Rocket.Chat Documentation
Getting Support
Development Docs
Quick Start
Deploying Rocket.Chat
Scaling Rocket.Chat
Accessing Your Workspace
Installing Client Apps
Updating Rocket.Chat
Environment Configuration
Guides
User Guides
Administration
Basic White-labeling
Identity Management (EE vs CE)
Admin Panel
Go Fully Featured
Info
Import
Users
Rooms (aka Channels)
Invites
Connectivity Services
View Logs
Custom sounds
Federation Dashboard
Apps
Email Inboxes
Custom Emoji
Integrations
OAuth Applications
Mailer
Custom User Status
Permissions
Settings
Accounts
Analytics
Assets
Atlassian Crowd
Blockstack
Bots
CAS
Custom Emoji Filesystem
Custom Sound Filesystem
Discussion
E2E Encryption
Email
Enterprise
Federation
File Upload
General
IRC
IRC Federation
Layout
LDAP
LDAP Authentication Settings
LDAP Basic Settings
LDAP Examples
Settings
LDAP Sync Settings
Timeouts Settings
Call Center
Livestream & Broadcasting (Youtube)
Logs
Message
Meta
Mobile
OAuth
Omnichannel Admin's Guide
OTR
Push (Notifications Admin Guide)
Rate Limiter
Retention Policy
SAML
Search
Setup Wizard
SlackBridge
Smarsh
SMS
Threads
Troubleshoot
User Data Download
Webdav Integration
WebRTC
Engagement Dashboard
Device Management
Advanced Admin Settings
Omnichannel
Message Auditing Panel
Message Auditing Log
Rocket.Chat Voice Channel
Rocket.Chat Conference Call
App Guides
Mobile Guides
Roles in Rocket.Chat
Security and Compliance Guides
Brand and Visual Guidelines
Enterprise Edition Trial
Rocket.Chat SaaS
Cloud Account
Resources
Frequently Asked Questions
Contributors
How can I help?
Contributor Code of Conduct
Annual Contribution Programs
Github Sponsorship
Legal
Terms of Service
Master Services Agreement for Self Managed Workspaces
Master Service Agreement for Professional Services
Privacy Policy
Privacy Policy Facebook Messenger
Code of Conduct for our services
GDPR
Censorship and Harmful Content
Guidelines for Law Enforcement
Server Lookup
DMCA Policy
Powered By GitBook
LDAP Examples
  • Host = ldap.domain.com
  • Group = CN=ROCKET_ACCESS,CN=Users,DC=domain,DC=com (Access Control Group)
  • Proxy User = [email protected] or CN=rocket service,CN=Users,DC=domain,DC=com (DN or userPrincipalName)
  • Proxy User password = urpass (Proxy Users password)
For now (until we add more input fields to LDAP) set it like this: (This is based on the above assumptions, replace with your environment)

Log on with a username

  • LDAP_Enable = True
  • LDAP_Dn = dc=domain,dc=com
  • LDAP_Url = ldap://ldapserver
  • LDAP_Port = 389
  • LDAP_Bind_Search =
{"filter": "(&(objectCategory=person)(objectclass=user)(memberOf=CN=ROCKET_ACCESS,CN=Users,DC=domain,DC=com)(sAMAccountName=#{username}))", "scope": "sub", "userDN": "[email protected]", "password": "urpass"}
If you need to auth users from subgroups in LDAP use this filter:
LDAP_Bind_search = {"filter": "(&(objectCategory=person)(objectclass=user)(memberOf:1.2.840.113556.1.4.1941:=CN=ROCKET_ACCESS,CN=Users,DC=domain,DC=com)(sAMAccountName=#{username}))", "scope": "sub", "userDN": "[email protected]", "password": "urpass"}

Log on with email address

  • LDAP_Enable = True
  • LDAP_Dn = dc=domain,dc=com
  • LDAP_Url = ldap://ldapserver
  • LDAP_Port = 389
  • LDAP_Bind_Search =
{"filter": "(&(objectCategory=person)(objectclass=user)(memberOf=CN=ROCKET_ACCESS,CN=Users,DC=domain,DC=com)(mail=#{username}))", "scope": "sub", "userDN": "[email protected]", "password": "urpass"}

Log on with either email address or username

  • LDAP_Enable = True
  • LDAP_Dn = dc=domain,dc=com
  • LDAP_Url = ldap://ldapserver
  • LDAP_Port = 389
  • LDAP_Bind_Search =
{"filter": "(&(objectCategory=person)(objectclass=user)(memberOf=CN=ROCKET_ACCESS,CN=Users,DC=domain,DC=com)(|(mail=#{username})(sAMAccountName=#{username})))", "scope": "sub", "userDN": "[email protected]", "password": "urpass"}

Log in

When you enable LDAP the login form will login users via LDAP instead the internal account system.

LDAPS - SSL Connection

Use stunnel to create a secure connection to the LDAP server. Create a new configuration file /etc/stunnel/ldaps.conf with following content:
options = NO_SSLv2
​
[ldaps]
client = yes
accept = 389
connect = your_ldap_server.com:636
To enable Stunnel automatic startup change the ENABLED variable in /etc/default/stunnel4 to 1:
# Change to one to enable stunnel automatic startup
ENABLED=1
Finally on the Rocket.Chat server under /admin/LDAP set
  • LDAP_Url = localhost
  • LDAP_Port = 389
Previous
LDAP Basic Settings
Next
Settings
Last modified 4mo ago
Export as PDF
Copy link
Outline
Log on with a username
Log on with email address
Log on with either email address or username
Log in
LDAPS - SSL Connection