n8n-nodes-ldap
This is an n8n community node for interacting with LDAP servers including OpenLDAP and Active Directory.
n8n is a fair-code licensed workflow automation platform.
- Installation
- Operations
- Credentials
- Compatibility
- Example Workflow
- Further Testing
- Resources
- License
Installation
Follow the installation guide in the n8n community nodes documentation.
Community Nodes (Recommended)
For users on n8n v0.187+, your instance owner can install this node from Community Nodes.
- Go to Settings > Community Nodes.
- Select Install.
- Enter
n8n-nodes-ldap
in Enter npm package name. - Agree to the risks of using community nodes: select I understand the risks of installing unverified code from a public source.
- Select Install.
After installing the node, you can use it like any other node. n8n displays the node in search results in the Nodes panel.
Manual installation
To get started install the package in your n8n root directory:
npm install n8n-nodes-ldap
For Docker-based deployments add the following line before the font installation command in your n8n Dockerfile:
RUN cd /usr/local/lib/node_modules/n8n && npm install n8n-nodes-ldap
Operations
-
Compare: Compare an attribute to a value
-
DN
: The distinguised name of the object to compare -
Attribute ID
: The attribute to compare the value against -
Value
: The value to compare
-
-
Create: Create a new object
-
DN
: The distinguised name of the object to create -
Attributes
-
Attribute ID
: The attribute ID to create with the object -
Value
: The value of the attribute
-
-
-
Delete: Delete an object
-
DN
: The distinguised name of the object to delete
-
-
Modify: Modify an object
-
DN
: The distinguised name of the object to modify -
Modify Attribute
-
Add: Add a value to an attribute
-
Attribute ID
: The attribute ID to add a value to -
Value
: The value of the attribute to add
-
-
Replace: Replace the value of an attribute
-
Attribute ID
: The attribute to replace the value of -
Value
: The value of the attribute to replace
-
-
Remove: Remove a value from an atrribute
-
Attribute ID
: The attribute ID to remove from the object -
Value
: The value of the attribute remove
-
-
Add: Add a value to an attribute
-
-
Rename: Rename an object
-
DN
: The distinguised name of the object to rename -
Target DN
: The distinguised name to rename the object to
-
-
Search: Search the directory
-
Base DN
: The subtree to search in -
Filter
(default:(objectclass=*)
): LDAP filter -
Return All
: Whether to return all results -
Limit
: How many results to return -
Options
-
Attributes
: Comma-separated list of attributes to return -
Scope
: The set of entries at or below the BaseDN that may be considered potential matches
-
-
Credentials
You need to create an LDAP credential to use this node. The only required fields are Hostname
and SSL/TLS
, if you're using default ports everything should work. By default SSL/TLS will use port 636
, and non-TLS will use port 389
. The full list of supported connection options:
- Hostname: The hostname or IP of the LDAP server
- SSL/TLS: If the connection should use SSL/TLS
- StartTLS: Whether to use StartTLS
- Bind DN (optional): The full bind DN for the authenticating user/object
-
Bind Password (optional): The associated password for the
Bind DN
-
Port (optional): The port to connect to. If not specified, the default port will be used (
389
or636
for SSL/TLS) -
Ignore SSL/TLS Issues (default:
true
): Whether to connect even if SSL/TLS certificate validation is not possible - CA Certificate (optional): A PEM formatted CA certificate use for SSL/TLS certificate validation. Useful for self-signed and internal CAs
Credentials Example
Compatibility
n8n v0.187+
Example Workflow
Credentials
You'll need three credentials to execute the three LDAP nodes.
Debian Users
-
Hostname:
db.debian.org
-
SSL/TLS:
false
FreeIPA
-
Hostname:
ipa.demo1.freeipa.org
-
SSL/TLS:
false
ForumSys
-
Hostname:
ldap.forumsys.com
-
SSL/TLS:
false
-
Bind DN:
cn=read-only-admin,dc=example,dc=com
-
Bind Password:
password
Workflow
Expand to show workflow JSON
Copy and paste this JSON into a blank n8n workflow!
{
"nodes": [
{
"parameters": {},
"name": "Start",
"type": "n8n-nodes-base.start",
"typeVersion": 1,
"position": [
240,
440
]
},
{
"parameters": {
"baseDN": "ou=users,dc=debian,dc=org",
"returnAll": true,
"options": {}
},
"name": "Debian Users",
"type": "n8n-nodes-ldap.LDAP",
"typeVersion": 1,
"position": [
560,
200
],
"credentials": {
"ldap": {
"id": "49",
"name": "db.debian.org LDAP"
}
}
},
{
"parameters": {
"conditions": {
"string": [
{
"value1": "={{$json.accountStatus}}",
"operation": "isNotEmpty"
}
]
}
},
"name": "AccountStatus",
"type": "n8n-nodes-base.if",
"typeVersion": 1,
"position": [
800,
200
]
},
{
"parameters": {},
"name": "Has Status",
"type": "n8n-nodes-base.noOp",
"typeVersion": 1,
"position": [
1060,
140
]
},
{
"parameters": {},
"name": "No Status",
"type": "n8n-nodes-base.noOp",
"typeVersion": 1,
"position": [
1060,
280
]
},
{
"parameters": {
"dataType": "string",
"value1": "={{ $json[\"objectClass\"][0] }}",
"rules": {
"rules": [
{
"value2": "inetOrgPerson"
},
{
"value2": "groupOfUniqueNames",
"output": 1
},
{
"value2": "simpleSecurityObject",
"output": 2
}
]
},
"fallbackOutput": 3
},
"name": "Switch",
"type": "n8n-nodes-base.switch",
"typeVersion": 1,
"position": [
780,
660
]
},
{
"parameters": {},
"name": "People",
"type": "n8n-nodes-base.noOp",
"typeVersion": 1,
"position": [
1060,
480
]
},
{
"parameters": {},
"name": "Groups",
"type": "n8n-nodes-base.noOp",
"typeVersion": 1,
"position": [
1060,
620
]
},
{
"parameters": {},
"name": "Users",
"type": "n8n-nodes-base.noOp",
"typeVersion": 1,
"position": [
1060,
760
]
},
{
"parameters": {},
"name": "Other",
"type": "n8n-nodes-base.noOp",
"typeVersion": 1,
"position": [
1060,
900
]
},
{
"parameters": {
"baseDN": "dc=example,dc=com",
"returnAll": true,
"options": {}
},
"name": "ForumSys",
"type": "n8n-nodes-ldap.LDAP",
"typeVersion": 1,
"position": [
560,
660
],
"credentials": {
"ldap": {
"id": "50",
"name": "ldap.forumsys.com LDAP"
}
}
},
{
"parameters": {
"baseDN": "dc=demo1,dc=freeipa,dc=org",
"limit": 1200,
"options": {}
},
"name": "FreeIPA",
"type": "n8n-nodes-ldap.LDAP",
"typeVersion": 1,
"position": [
560,
440
],
"credentials": {
"ldap": {
"id": "55",
"name": "LDAP account"
}
}
}
],
"connections": {
"Start": {
"main": [
[
{
"node": "Debian Users",
"type": "main",
"index": 0
},
{
"node": "ForumSys",
"type": "main",
"index": 0
},
{
"node": "FreeIPA",
"type": "main",
"index": 0
}
]
]
},
"Debian Users": {
"main": [
[
{
"node": "AccountStatus",
"type": "main",
"index": 0
}
]
]
},
"AccountStatus": {
"main": [
[
{
"node": "Has Status",
"type": "main",
"index": 0
}
],
[
{
"node": "No Status",
"type": "main",
"index": 0
}
]
]
},
"Switch": {
"main": [
[
{
"node": "People",
"type": "main",
"index": 0
}
],
[
{
"node": "Groups",
"type": "main",
"index": 0
}
],
[
{
"node": "Users",
"type": "main",
"index": 0
}
],
[
{
"node": "Other",
"type": "main",
"index": 0
}
]
]
},
"ForumSys": {
"main": [
[
{
"node": "Switch",
"type": "main",
"index": 0
}
]
]
}
}
}
Further Testing
If you want to test binding to a server and mutating objects, you can stand up your own OpenLDAP instance to test:
docker run --rm --name openldap -p 1389:1389 \
--env LDAP_ADMIN_USERNAME=admin \
--env LDAP_ADMIN_PASSWORD=adminpassword \
--env LDAP_USERS=customuser,user01,user02 \
--env LDAP_PASSWORDS=custompassword,password1,password2 \
bitnami/openldap:latest
Then configure your n8n LDAP credentials:
-
Hostname:
localhost
-
SSL/TLS:
false
-
Bind DN:
cn=admin,dc=example,dc=org
-
Bind Password:
adminpassword
-
Port:
1389