LDAP

Description

Traccar server can authenticate users via external LDAP server. Authentication process happens in two steps:

If both steps are successful, user considered authenticated

There is still internal traccar user representation, it is created on first user login. Server administrator can configure adminGroup/adminFilter to automatically give user admin rights when he is created.

Configuration

Examples

Search filter to login in Active Directory by either login or email

(|(sAMAccountName=:login)(mail=:login))

According to next filter user must be member of Traccar users group or its nested groups (!) and not disabled. It is valid for Active Directory.

(&(sAMAccountName=:login)(memberOf:1.2.840.113556.1.4.1941:=CN=Traccar users,OU=Traccar,OU=Security,DC=domain,DC=local)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))