Once you have configured LDAP user search, the next step is setting up Data Sync to keep your Rocket.Chat users aligned with your LDAP directory. These settings control how user data is imported, updated, and mapped.
Data Sync Options
Unique Identifier Field: The attribute(s) that link an LDAP user with a Rocket.Chat user. You can provide multiple values, separated by commas, to ensure the correct match. Default:
objectGUID, ibm-entryUUID, GUID, dominoUNID, nsuniqueId, uidNumber, uid.Merge Existing Users: If enabled, when an imported LDAP user matches an existing Rocket.Chat user (same username), their data will merge and update instead of creating a duplicate account.
Update User Data on Login: Automatically updates user data from LDAP every time they log in.
Update User Data on Login with OAuth services: Allows user data updates when logging in via OAuth.
Default Domain: Defines a domain that is appended to usernames when an LDAP record does not provide an email. This ensures every user gets a unique email in Rocket.Chat. For example:
Avatar
Sync User Avatar: Syncs profile pictures from LDAP.
User Avatar Field: The LDAP field used as the avatar source. Leave empty to use
thumbnailPhotoby default, falling back tojpegPhoto.
Mapping
Map LDAP attributes to Rocket.Chat fields:
Username Field: Defines the username for new users. By default, this is
sAMAccountName. You can also use template tags, for example:#{givenName}.#{sn}
Email Field: The LDAP field used for user email addresses.
Name Field: The field used for the display name.
Extension Field: (Optional) The field used if your workspace integrates with Rocket.Chat’s VoIP extension.
With these settings configured, Rocket.Chat keeps your user data consistent with LDAP while avoiding duplication issues and ensuring smooth authentication.
For workspaces on premium plans, additional options are available to further customize LDAP data sync behavior. These settings are covered in the next topic.