LDAP Connector

The LDAP connector reads users, groups, and group membership from LDAP-compatible directories, including Active Directory when LDAP or LDAPS is the selected integration path.

Protocol: LDAP v3 over LDAP or LDAPS

Typical operations:

bind
search users
search groups
read group members

Requirements:

  • LDAP or LDAPS endpoint reachable from Roster. Use ldaps:// for encrypted LDAP transport.
  • bind identity with read access to user, group, and membership entries
  • user and group search bases
  • user, group, and membership filters
  • TLS trust configuration for LDAPS
  • credential stored as an encrypted Roster provider secret

Prefer LDAPS for production deployments. In the Platform connector form, the TLS option stores and uses an ldaps:// URL; a plain ldap:// URL is only appropriate for isolated directory sources that do not support a valid LDAPS certificate.

Supported secret kinds:

bind_password
certificate
private_key

Set provider-secret encryption before storing credentials:

ROSTER_PROVIDER_SECRET_ENCRYPTION_KEY=<high-entropy-secret>
ROSTER_PROVIDER_SECRET_KEY_ID=env:prod-2026-05
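
A pre-flight check for the two settings above (LDAPS transport and provider-secret encryption), added here as an example and not part of Roster. The `preflight` and `estimated_bits` helpers, the 128-bit threshold, and the host name are assumptions for illustration; the entropy figure is a rough heuristic, not a measure of how the key was generated.

```python
import math
import secrets
from collections import Counter
from urllib.parse import urlsplit

MIN_SECRET_BITS = 128  # assumed threshold; the page only says "high-entropy"


def estimated_bits(secret):
    """Rough Shannon estimate: per-character entropy times length."""
    if not secret:
        return 0.0
    n = len(secret)
    per_char = -sum(c / n * math.log2(c / n) for c in Counter(secret).values())
    return per_char * n


def preflight(url, env, allow_plaintext=False):
    """Return a list of findings; an empty list means the settings pass."""
    findings = []
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps"):
        findings.append(f"unsupported URL scheme {parts.scheme!r}")
    elif parts.scheme == "ldap" and not allow_plaintext:
        findings.append("ldap:// is not encrypted; use ldaps://")
    if not parts.hostname:
        findings.append("URL has no host")
    key = env.get("ROSTER_PROVIDER_SECRET_ENCRYPTION_KEY", "")
    if not key:
        findings.append("ROSTER_PROVIDER_SECRET_ENCRYPTION_KEY is not set")
    elif key.startswith("<") or estimated_bits(key) < MIN_SECRET_BITS:
        findings.append("encryption key is a placeholder or low-entropy")
    if not env.get("ROSTER_PROVIDER_SECRET_KEY_ID"):
        findings.append("ROSTER_PROVIDER_SECRET_KEY_ID is not set")
    return findings


if __name__ == "__main__":
    # Constructed sample values: the host name is hypothetical and the key is
    # generated fresh on each run, so nothing here is a real credential.
    sample_env = {
        "ROSTER_PROVIDER_SECRET_ENCRYPTION_KEY": secrets.token_urlsafe(32),
        "ROSTER_PROVIDER_SECRET_KEY_ID": "env:prod-2026-05",
    }
    for url in ("ldaps://dc01.example.internal:636", "ldap://dc01.example.internal"):
        print(url, "->", preflight(url, sample_env) or "ok")
```

Pass `allow_plaintext=True` only for the isolated directory sources described above that cannot present a valid LDAPS certificate.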

The connector normalizes LDAP records into Roster directory users and groups:

queryUsers(query)
getUser(externalId)
queryGroups(query)
getGroup(externalId)
getGroupMembers(externalId, query)

Use field mappings to align LDAP attributes with Roster directory fields, then map users or groups to participants.