Skip to content

Active Directory/LDAP Authentication for Admin Interface #4485

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
cvillegas1976 opened this issue Apr 14, 2025 · 4 comments
Open

Active Directory/LDAP Authentication for Admin Interface #4485

cvillegas1976 opened this issue Apr 14, 2025 · 4 comments
Labels
enhancement

Comments

@cvillegas1976
Copy link

Currently, Nginx Proxy Manager lacks native Active Directory/LDAP integration for admin authentication, forcing enterprises to maintain separate credentials or implement complex workarounds.

Proposed Solution
Implement LDAP/AD authentication for the admin UI with:

  • Secure LDAP/LDAPS connectivity
  • Group-based role mapping (Admin/User)
  • Standard attribute support (sAMAccountName, memberOf, etc.)

Example Configuration

"auth": {
  "ldap": {
    "enabled": true,
    "url": "ldap://ad.example.com:389",
    "bindDN": "cn=admin,dc=example,dc=com",
    "bindCredentials": "secret",
    "userSearchBase": "ou=users,dc=example,dc=com",
    "usernameAttribute": "sAMAccountName",
    "groupSearchBase": "ou=groups,dc=example,dc=com"
  }
}

Key Benefits

✅ Enterprise-ready authentication
✅ Centralized user management
✅ Improved security compliance
✅ Reduced credential fatigue

Additional Context
This would mirror functionality found in:

  • Authelia (but more lightweight)
  • Portainer's LDAP implementation
  • TrueNAS directory services

Willingness to Help
I can:

  • Test beta versions in production
  • Provide AD server samples
  • Assist with documentation
@sergeybezlepkin
Copy link

Claudio this is the top feature that NPM is missing, very much looking forward to it, thank you

@gdeeble
Copy link

gdeeble commented Apr 24, 2025

Claudio, does it need to be LDAP or could it be OIDC? I know that there is Pull Request #4010 that is for adding OIDC functionality.

@cvillegas1976
Copy link
Author

cvillegas1976 commented Apr 24, 2025 via email

@gdeeble
Copy link

gdeeble commented Apr 24, 2025

That's fair, I figured I'd make mention incase you had something already in place. I can see LDAP being beneficial though.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@gdeeble @cvillegas1976 @sergeybezlepkin