# LDAP

You can integrate `FSProtect` with your `Active Directory` or other `LDAP` server to make the authentication process easier.

The `LDAP Authentication Configuration` consists of two configuration requirements ;

* **LDAP Connection Configuration**
* **Access Control Settings**

<figure><img src="/files/YJaiW1ZfJm4ntxIL4Wa7" alt=""><figcaption><p>LDAP Authentication Settings</p></figcaption></figure>

## **Configuring the LDAP Connection**

You need to configure an LDAP connection with the parameters below.

**Status:** Status of the LDAP connection setting.

**Protocol:** LDAP protocol type, `LDAP` or `LDAPS`.

**Domain Controller IP Address:** IP Address of Domain Controller or LDAP server.

**Port:** Port number of the LDAP protocol, `389` or `636` by default.

**Search Base:** Distinguished name of the base container object, `Domain`, `Organizational Unit` or `Container`.

**User Name:** Netbios formatted Username field to test LDAP connection.

**Password:** Password field to test LDAP connection.

<figure><img src="/files/luN3gjzfNWf5qvOkdNTB" alt=""><figcaption><p>Configuring the LDAP Connection</p></figcaption></figure>

## **Configuring Access Control Settings**

After successfully establishing the LDAP connection, you should define the `Users` and `Groups` that can log in to the FSProtect with LDAP.

You can create Access Control entries with the parameters below.

**Account Type:** Type of account can log in to the FSProtect, `User` or `Group`. If the Group option is selected, recursive members of this group can log in to the FSProtect.

**Distinguished Name:** Distinguished Name of the account.

**Security Identifier:** Security Identifier (SID / objectSid) of the account.

**Privilege:** Privilege level of the account, `User (Read-Only)` or `Admin`.

<figure><img src="/files/9DIYE6DMOQvluSc6BtIX" alt=""><figcaption><p>Configuring the Access Control Settings</p></figcaption></figure>

After these configurations, you can log in to the FSProtect with Netbios formatted username and password.

<figure><img src="/files/BekSXnChXxEgbPNqChdf" alt=""><figcaption><p>Logging in with LDAP</p></figcaption></figure>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.forestall.io/fsprotect/settings/ldap.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.