Skip to main content


Knocknoc can authenticate users to an LDAP server like Active Directory, by attempting to bind as that user with their password. This is useful when you have an on-premise LDAP server, and want to allow users to have a single password to manage.

Knocknoc configuration for LDAP is straightforward, simply configure your LDAPServerURL in Settings, and then add users with type LDAP, and configure their DN to attempt to bind to the server. The DN is the Distinguished Name of the user, which is essentially the full lookup path of the user object in the directory.

LDAP users can then be added to Knocknoc groups and mapped to ACLs this way.

See LDAP Troubleshooting for more information.