Can I use LDAP over Secure Socket Links, SSL/TLS (LDAPS)?

Modified on Fri, 17 Nov 2023 at 02:16 PM

Yes. Follow our documentation to enable LDAP. Then, the relevant fields in the Keycloak configurations are:


  • Connection URL - Make sure the protocol is ldaps://
  • Use Truststore SPI - Always or Only for ldaps


Include the LDAP server certificate in the admin console:


  • TLS Certificate Mode → Customer Provided → CA Certificate
  • If the application already has a customer-provided CA certificate, then append the LDAP certificate in the application certificate file and upload the resulting file in the CA Certificate field. For example:
cat ldap-ca.crt >> application-ca.crt

Then, include the application-ca.crt with both certificates in the CA Certificate field.



Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select atleast one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article