{
  "id": "ldap",
  "title": "LDAP object",
  "url": "https://redis.io/docs/latest/operate/rs/7.8/references/rest-api/objects/ldap/",
  "summary": "An object that contains the cluster's LDAP configuration",
  "content": "\nAn API object that represents the cluster's LDAP configuration.\n\n| Name | Type/Value | Description |\n|------|------------|-------------|\n| bind_dn | string | DN used when binding with the LDAP server to run queries |\n| bind_pass | string | Password used when binding with the LDAP server to run queries |\n| ca_cert | string | PEM-encoded CA certificate(s) used to validate TLS connections to the LDAP server |\n| cache_ttl | integer (default: 300) | Maximum TTL (in seconds) of cached entries |\n| control_plane | boolean (default: false) | Use LDAP for user authentication/authorization in the control plane |\n| data_plane | boolean (default: false) | Use LDAP for user authentication/authorization in the data plane |\n| directory_timeout_s | integer (range: 5-60) (default: 5) | The connection timeout to the LDAP server when authenticating a user, in seconds |\n| dn_group_attr | string | The name of an attribute of the LDAP user entity that contains a list of the groups that user belongs to. (Mutually exclusive with \"dn_group_query\") |\n| dn_group_query | complex object | An LDAP search query for mapping from a user DN to the groups the user is a member of. The substring \"%D\" in the filter will be replaced with the user's DN. (Mutually exclusive with \"dn_group_attr\") |\n| starttls | boolean (default: false) | Use StartTLS negotiation for the LDAP connection |\n| uris | array of strings | URIs of LDAP servers that only contain the scheme, host, and port |\n| user_dn_query | complex object | An LDAP search query for mapping from a username to a user DN. The substring \"%u\" in the filter will be replaced with the username. (Mutually exclusive with \"user_dn_template\") |\n| user_dn_template | string | A string template that maps between the username, provided to the cluster for authentication, and the LDAP DN. The substring \"%u\" will be replaced with the username. (Mutually exclusive with \"user_dn_query\") |\n",
  "tags": ["docs","operate","rs"],
  "last_updated": "2026-04-01T08:10:08-05:00"
}

