Lightweight Directory Access Protocol (LDAP) centralizes user authentication and directory data across your organization. Rocket.Chat integrates with LDAP and Active Directory (AD) to synchronize users, assign roles, and enforce access policies while maintaining secure transmission of sensitive data.
This section covers LDAP capabilities and guides you through configuration and operational workflows.
Key capabilities
Centralized user synchronization: Synchronize user accounts and profile data between LDAP and Rocket.Chat to maintain consistency across systems.
Automated background sync: Reflect directory changes automatically without manual intervention.
Role mapping from LDAP groups: Assign Rocket.Chat roles dynamically based on LDAP group membership.
Conditional auto-logout: Log users out automatically when defined LDAP conditions are no longer met.
Extended attribute sync: Synchronize additional user attributes to support advanced configurations such as ABAC.
For plan-specific feature availability, see the Authentication Across Plans guide.
Configure LDAP
To enable LDAP, go to Manage > Workspace > Settings > LDAP, then:
Enable LDAP
Provide the required connection and authentication parameters.
Configure synchronization and role mapping as needed.
Once enabled, users can authenticate using their LDAP credentials.
LDAP quick actions
The LDAP settings page includes operational tools for validation and troubleshooting:
Test Connection: Verifies authentication and encryption settings (does not test synchronization).
Test LDAP Search: Validates your search configuration by attempting to locate a user.
Sync Now: Immediately runs synchronization based on your current data sync settings.
LDAP Documentation: Opens the official Rocket.Chat LDAP documentation.
Notes:
Quick actions are available on Rocket.Chat premium plans.
If no alert appears after running an action, review the Reports log for status or errors.