LDAP

The Traccar server can authenticate users via an external LDAP (Lightweight Directory Access Protocol) server. The authentication process happens in two steps:

If both steps are successful, the user is considered authenticated.

There is still an internal Traccar user representation, which is created on the first user login. The server administrator can configure adminGroup/adminFilter to automatically give a user admin rights when the user is registered.

Configuration

Examples

Search filter to log in to Active Directory by either login or email:

<entry key='ldap.searchFilter'>(|(sAMAccountName=:login)(mail=:login))</entry>

With the next filter, the user must be a member of the Traccar users group or one of its nested groups (!) and must not be disabled. It is valid for Active Directory. Because the configuration file is XML, the & that opens the filter is written as &amp; in the entry.

<entry key='ldap.searchFilter'>(&amp;(sAMAccountName=:login)(memberOf:1.2.840.113556.1.4.1941:=CN=Traccar users,OU=Traccar,OU=Security,DC=domain,DC=local)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))</entry>
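
An added example, not Traccar's own code: it fills the :login placeholder of the two filters above with a login escaped per RFC 4515, so that characters such as * or ( stay literal, and renders the XML entry with & escaped. It assumes plain string substitution of :login; the helper names and sample logins are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape as xml_escape

# Filters from this page as plain LDAP text (before XML escaping).
AD_LOGIN_OR_MAIL = "(|(sAMAccountName=:login)(mail=:login))"
AD_GROUP_ENABLED = (
    "(&(sAMAccountName=:login)"
    "(memberOf:1.2.840.113556.1.4.1941:=CN=Traccar users,OU=Traccar,OU=Security,DC=domain,DC=local)"
    "(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))"
)

# RFC 4515: these characters must be written as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value):
    """Escape a user-supplied value for use inside an LDAP search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def render_filter(template, login):
    """Fill every :login placeholder with the escaped login (hypothetical helper)."""
    return template.replace(":login", escape_filter_value(login))


def is_balanced(ldap_filter):
    """Sanity check: parentheses nest correctly (escaped values contain none)."""
    depth = 0
    for ch in ldap_filter:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0


def config_entry(key, ldap_filter):
    """Render the <entry> line for the XML config; '&' becomes '&amp;'."""
    entry = f"<entry key='{key}'>{xml_escape(ldap_filter)}</entry>"
    # Round-trip through an XML parser: the loaded text must equal the filter.
    if ET.fromstring(entry).text != ldap_filter:
        raise ValueError("entry does not round-trip through XML")
    return entry


if __name__ == "__main__":
    for login in ("jdoe", "j*", "a)(b"):  # constructed sample logins
        print(render_filter(AD_LOGIN_OR_MAIL, login))
    print(config_entry("ldap.searchFilter", AD_GROUP_ENABLED))
```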