eliott/authentik
1
0
Fork 0
mirror of https://github.com/goauthentik/authentik synced 2026-04-30 19:37:25 +02:00
Code Issues Packages Projects Releases Wiki Activity

website/docs: clarify LDAP group attribute mappings (#21649)

Browse Source 
* website/docs: clarify LDAP group attribute mappings

Explain that LDAP source property mappings can be assigned to groups, add an example for copying a custom LDAP group attribute into authentik group attributes, and note how to decode JSON-encoded values.

Closes: https://github.com/goauthentik/authentik/issues/5874

* Update website/docs/users-sources/sources/protocols/ldap/index.md

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Dominic R <dominic@sdko.org>

* Update website/docs/users-sources/sources/protocols/ldap/index.md

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Dominic R <dominic@sdko.org>

---------

Signed-off-by: Dominic R <dominic@sdko.org>
Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
This commit is contained in:
Dominic R
2026-04-17 08:33:29 -04:00
committed by GitHub
parent 909d1335ad
commit 81bfcbb4e8
1 changed files with 27 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
website/docs/users-sources/sources/protocols/ldap/index.md
View File

@@ -73,6 +73,33 @@ return {
}
```
The same LDAP source property mapping type is used for both users and groups. A mapping only applies to groups when you assign it under **Group Property Mappings** on the LDAP source. If you only use the built-in group property mappings, synced groups will keep the automatically populated LDAP attributes, such as `distinguishedName`, but custom LDAP attributes won't be copied unless you add your own group mapping.
### Copy a custom LDAP group attribute
To store a custom LDAP group attribute in authentik's group `attributes`, create an **LDAP Source Property Mapping** and assign it to **Group Property Mappings** on the source:
```python
return {
"attributes": {
"acl": list_flatten(ldap.get("acl")),
},
}
```
If your LDAP server stores the value as JSON text and you want authentik to keep it as structured data instead of a string, decode it in the mapping:
```python
import json
raw_acl = list_flatten(ldap.get("acl"))
return {
"attributes": {
"acl": json.loads(raw_acl) if raw_acl else None,
},
}
```
### Built-in property mappings
LDAP property mappings are used when you define an LDAP source. These mappings define which LDAP property maps to which authentik property. By default, the following mappings are created: