LDAP ==== __This feature is available in the Enterprise Edition.__ The basic options are `--ldap.enabled`, `--ldap.tls`, `--ldap.port`, `--ldap.server` and `--ldap.permissions-attribute-name`. `--ldap.server` and `--ldap.port` can be replace by `--ldap.url`. `--ldap.permissions-attribute-name` has the format *databse-name=(*|rw|none)[,database-name=(*|rw|none)]*. There are two modes of operation: *simple auth* and *bind+search*. ### simple auth Example: --ldap.enabled true --ldap.server 192.168.2.119 --ldap.permissions-attribute-name description \ --ldap.prefix uid= --ldap.suffix ,dc=example,dc=com `--ldap.prefix` and `--ldap.suffix` build the distinguished name (DN). ArangoDB trys to authenticate with *prefix* + *ArangoDB username* + *suffix* against the ldap server and search for the database permissions. ### bind+search --ldap.enabled true --ldap.server 192.168.2.119 --ldap.basedn dc=example,dc=com --ldap.searchfilter "objectClass=simpleSecurityObject" --ldap.searchattribute "uid" --ldap.binddn cn=admin,dc=example,dc=com --ldap.bindpasswd hallo --ldap.permissionsattributename description --ldap.permissionsattributename ldap attributename where the permissions for the database are located. Format: database=(*|rw|none)[,database=(*|rw|none)] (default: "") // simple mode --ldap.prefix ldap prefix, eg. uid= xor dn= xor cn= (default: "") --ldap.suffix ldap suffix, eg. ,dc=example,dc=com (default: "") // search + bind --ldap.basedn ldap basedn, eg. dc=example,dc=com (default: "") --ldap.binddn ldap binddn, eg. cn=admin,dc=example,dc=com (default: "") --ldap.bindpasswd ldap bindpassword, eg. admin (default: "") --ldap.searchattribute ldap searchattribute, eg. uid (default: "uid") --ldap.searchfilter ldap searchfilter, eg. (objectClass=simpleSecurityObject) (default: "objectClass=*") --ldap.url ldap url, eg. TBD (default: "")