Active Directory/LDAP Authentication for Admin Interface

[cvillegas1976]

Currently, Nginx Proxy Manager lacks native Active Directory/LDAP integration for admin authentication, forcing enterprises to maintain separate credentials or implement complex workarounds.

Proposed Solution
Implement LDAP/AD authentication for the admin UI with:

• Secure LDAP/LDAPS connectivity
• Group-based role mapping (Admin/User)
• Standard attribute support (sAMAccountName, memberOf, etc.)

Example Configuration

"auth": {
  "ldap": {
    "enabled": true,
    "url": "ldap://ad.example.com:389",
    "bindDN": "cn=admin,dc=example,dc=com",
    "bindCredentials": "secret",
    "userSearchBase": "ou=users,dc=example,dc=com",
    "usernameAttribute": "sAMAccountName",
    "groupSearchBase": "ou=groups,dc=example,dc=com"
  }
}

Key Benefits

✅ Enterprise-ready authentication
✅ Centralized user management
✅ Improved security compliance
✅ Reduced credential fatigue

Additional Context
This would mirror functionality found in:

• Authelia (but more lightweight)
• Portainer's LDAP implementation
• TrueNAS directory services

Willingness to Help
I can:

• Test beta versions in production
• Provide AD server samples
• Assist with documentation

[sergeybezlepkin]

Claudio this is the top feature that NPM is missing, very much looking forward to it, thank you

[gdeeble]

Claudio, does it need to be LDAP or could it be OIDC? I know that there is Pull Request #4010 that is for adding OIDC functionality.

[cvillegas1976]

For my use case, the ideal functionality is direct authentication against AD/LDAP. While OIDC could achieve this, it would require adding an intermediary identity provider (IdP). Moreover, this type of functionality is widely implemented in various systems that require user authentication. El jue, 24 abr 2025 a las 8:54, gdeeble ***@***.***>) escribió:

…

*gdeeble* left a comment (NginxProxyManager/nginx-proxy-manager#4485) <#4485 (comment)> Claudio, does it need to be LDAP or could it be OIDC? I know that there is Pull Request #4010 <#4010> that is for adding OIDC functionality. — Reply to this email directly, view it on GitHub <#4485 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AORI5Q5LWMTEL4KBZJEGCY323DNJXAVCNFSM6AAAAAB3DVYZQOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDQMRXGUYTQNZTGQ> . You are receiving this because you authored the thread.Message ID: ***@***.***>

[gdeeble]

That's fair, I figured I'd make mention incase you had something already in place. I can see LDAP being beneficial though.