Traccar server can authenticate users via external LDAP server. Authentication process happens in two steps:

If both steps are successful, user considered authenticated

There is still internal traccar user representation, it is created on first user login. Server administrator can configure adminGroup/adminFilter to automatically give user admin rights when he is created.



Search filter to login in Active Directory by either login or email


According to next filter user must be member of Traccar users group or its nested groups (!) and not disabled. It is valid for Active Directory.

(&(sAMAccountName=:login)(memberOf:1.2.840.113556.1.4.1941:=CN=Traccar users,OU=Traccar,OU=Security,DC=domain,DC=local)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))