
Connecting to LDAP

The Nametag directory agent can connect to an LDAP directory to perform recovery operations.

When you run the agent, a new item appears under Directories in the Nametag console that represents the connection to your LDAP server. Configure this directory in the console to enable recovery operations and to set policies for which operations are available to your users.

The agent must be running and connected for recovery operations to work. You should arrange for the agent to run as a service on a server that can connect to your LDAP directory. It is perfectly safe to run multiple instances of the service simultaneously, for example to provide high availability.

Note: The LDAP agent was built primarily to support OpenLDAP in a fairly standard configuration. There are many LDAP servers, and even more configurations of those servers used in practice. Your schema may vary. The implementation is open source and available in the Nametag CLI git repository.

Run the agent

To get started, install the Nametag CLI if you haven’t already. Then start the directory agent, for example:

nametag dir agent ldap \
  --ldap-url *LDAP_URL* \
  --base-dn *BASE_DN* \
  --bind-dn *BIND_DN* \
  --bind-password *BIND_PASSWORD*

Replace the following:

  • *LDAP_URL* with the URL of your LDAP server, for example ldap://localhost:389 or ldaps://ldap.example.com:636
  • *BASE_DN* with the base DN for your directory, for example dc=example,dc=com
  • *BIND_DN* with the bind DN for a user that can access the directory, for example cn=admin,dc=example,dc=com
  • *BIND_PASSWORD* with the password for the bind DN user

Some or all of the arguments can instead be supplied as environment variables. For example:

export LDAP_URL=*LDAP_URL*
export BASE_DN=*BASE_DN*
export BIND_DN=*BIND_DN*
export BIND_PASSWORD=*BIND_PASSWORD*
nametag dir agent ldap

You can also configure the directory agent using a configuration file, located by default at *HOME*/config/nametag/.config.yaml. For example:

Version: "1"
LDAPConfig:
  ldapurl: "ldap://localhost:389"
  binddn: "cn=admin,dc=example,dc=com"
  bindpassword: "admin_password"
  pagesize: 250
  basedn: "dc=example,dc=com"

With a configuration file, you can start the agent with:

nametag dir agent ldap
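The following pre-flight script is an added example and is not part of the Nametag CLI or its documentation. It wraps the environment-variable form of the launch command shown above: it checks that the four variables are set, that LDAP_URL uses an ldap:// or ldaps:// scheme (warning when plaintext LDAP points at a remote host), and, for deployments that use the configuration file, that the file is readable only by its owner, since it stores bindpassword in plaintext. Passing the bind password through the environment or the config file rather than as --bind-password also keeps it out of the process list that other local users can read. The function names and the use of stat to read file modes are assumptions of this example, not anything Nametag provides.

```shell
#!/bin/sh
# Pre-flight checks for the Nametag LDAP directory agent (added example, not
# Nametag's own code). Function names and the stat usage are assumptions.

# Return 0 if URL uses an LDAP scheme. Plaintext ldap:// to a non-local host
# is allowed but flagged, because the bind password would cross the network
# unencrypted.
check_ldap_url() {
    url="$1"
    case "$url" in
        ldaps://*) return 0 ;;
        ldap://localhost*|ldap://127.0.0.1*) return 0 ;;
        ldap://*)
            echo "warning: $url is plaintext LDAP to a remote host; prefer ldaps://" >&2
            return 0 ;;
        *)
            echo "error: LDAP_URL must start with ldap:// or ldaps://" >&2
            return 1 ;;
    esac
}

# Return 0 only if every variable named in the arguments is set and non-empty.
check_required_env() {
    missing=0
    for name in "$@"; do
        eval "value=\${$name:-}"
        if [ -z "$value" ]; then
            echo "error: $name is not set" >&2
            missing=1
        fi
    done
    return $missing
}

# Return 0 if the config file exists and has mode 600 or 400; it holds the
# bind password in plaintext, so group/world read access is a finding.
check_config_perms() {
    file="$1"
    [ -f "$file" ] || { echo "error: $file not found" >&2; return 1; }
    # GNU coreutils uses stat -c; BSD/macOS uses stat -f.
    mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%OLp' "$file")
    case "$mode" in
        600|400) return 0 ;;
        *) echo "error: $file has mode $mode; expected 600" >&2; return 1 ;;
    esac
}

# Run all checks, then start the agent using the environment-variable form
# from the documentation, so no credential appears on the command line.
main() {
    check_required_env LDAP_URL BASE_DN BIND_DN BIND_PASSWORD || exit 1
    check_ldap_url "$LDAP_URL" || exit 1
    if [ -n "${CONFIG_FILE:-}" ]; then
        check_config_perms "$CONFIG_FILE" || exit 1
    fi
    exec nametag dir agent ldap
}

# Launch only when invoked as "./preflight.sh run", so the functions can also
# be sourced and exercised on their own.
if [ "${1:-}" = "run" ]; then
    main
fi
```

Run it as `./preflight.sh run` from the same environment (or service unit) that exports LDAP_URL, BASE_DN, BIND_DN and BIND_PASSWORD; set CONFIG_FILE to the path of your .config.yaml if you use one, so its permissions are checked before the agent starts.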