Content Type: Module
Categories: Authentication


The ‘LDAP’ module allows you to provision end-users of your app. It is a client-side implementation of the Lightweight Directory Access Protocol (LDAP) which allows your app to communicate with an LDAP server such as an on-premises Microsoft Active Directory (AD). This makes the module interesting for customers who are using ‘Mendix for Private Cloud’ or ‘Mendix for Server-Based deployment’ deployment models. It can be used to synchronize your Mendix app’s end-users, their group memberships, and their status from an LDAP server. Although you can provision end-users in a ‘just-in-time’ (JIT) fashion during user sign in, pre-provisioning (available through the LDAP module) allows end-users to be set up before their first login. When used to deactivate app end-users stored within the app (which is not possible with JIT user provisioning) this has benefits for access governance and Mendix user licensing. The LDAP module can be used in combination with other IAM modules such as the Administration, OIDC SSO, or SAML module.

You can also use the LDAP module to authenticate your app’s end-users (‘login’) by validating usernames and passwords at your LDAP server. However, the recommended option for end-user authentication is to use an SSO solution to avoid the duplication of user credentials beyond IdP and end-user and to allow for Multi-Factor-Authentication (MFA). You can implement SSO for your end-users by using the OIDC SSO or SAML module.

Your app could, for example, combine LDAP for user synchronization together with the SAML module to authenticate your app’s end-users.



Please see LDAP in the Mendix documentation for details.


Version: 1.1.0
Framework Version: 9.24.8
Release Notes: This version contains the following fixes/improvements: - Upgraded to Studio pro v9.24.8 - Fixed Mendix 10 compatibility issue - We included a migration file for the Java dependencies for Studio Pro 10 compatibility
Version: 1.0.0
Framework Version: 9.22.0
Release Notes: - This is the initial version of the “LDAP” module having platform support. In comparison to the deprecated LDAP Synchronization module, we have the following differences: - Modified few text labels on the configuration screens. - Fixed an issue to work with the encryption module on Mendix 9. Library Upgrades: - org.slf4j: slf4j-api to 2.0.5 - org.springframework: spring-core to to 5.3.24 - org.springframework.ldap: spring-ldap-core to 2.4.1 - org.springframework: spring-tx to 5.3.23 - org.springframework: spring-beans to 5.3.24 Recommendation: After upgrading to the latest version, there could be a potential issue due to conflicting Java libraries of the old and the new version. Hence it is recommended that you delete all Java libraries used by the old LDAP module from the userlib folder of the project before upgrading to the latest version.