Mastodon: [Feature Request] LDAP integration

Created on 5 Apr 2017 · 16 Comments · Source: tootsuite/mastodon

Having LDAP integration would allow organizations with existing LDAP infrastructure to automatically create a Mastodon profile for their users.

GitLab has good LDAP integration and could be used as an example: https://docs.gitlab.com/ce/administration/auth/ldap.html


  • [x] I searched or browsed the repo's other issues to ensure this is not a duplicate.

All 16 comments

I've been thinking about this a lot. I want to build a platform where users can register for one username and they get both a Mastodon and a Matrix account for that username. LDAP seems kind of archaic for what it does so I don't know if it's the best choice, I've just seen a lot of apps incorporate it before.

If LDAP is the best solution to this, I'm very in favor of adding this so we can integrate user accounts with other platforms. If anyone knows of a better way to bridge users on multiple apps, please chime in. I've also considered building something myself.

Mastodon + Matrix + (some federated events app which doesn't yet exist) = the full stack

I was thinking about LDAP/Active Directory because (I believe) it is still widely used. My University used it to manage student and faculty logins. The idea is that users can use their existing login, that is easier than setting up a few thousand new logins.

Yes, Mastodon should support a directory service. LDAP is the logical solution.

Doesn't Mastodon implement OmniAuth? Would something like this work? https://github.com/intridea/omniauth-ldap

I agree LDAP auth is a good feature to have. There are several open source self service password portals out there that could be leveraged to give users the ability to manage their password in LDAP.

I think Mastodon supports OmniAuth through Devise so it's probably better to use the Devise LDAP authentication. There are instructions in the Devise wiki on authenticating with LDAP here https://github.com/plataformatec/devise/wiki/How-To:-Authenticate-via-LDAP. I hope to try this out within the next week and see if I can make it work.

@nathan-sain I'd like to hear about these several open source self service LDAP user management options. I looked and never found anything quite sane. I'm not sure how relevant this is to this issue but toot me at @[email protected] or better yet, drop an answer here: https://softwarerecs.stackexchange.com/q/1622/429

Also very interested to know this. Thanks!

I would love to have that too. Want to have xmpp/mastodon for one account, for example.

I use LDAP to provide common authentication to my users (mail, nextcloud, xmpp and so on) so I am waiting for LDAP integration in Mastodon before setting up my own instance.

IMHO this should be taken with high priority as a directory service like LDAP is widely used by organisations and companies that are potential future Mastodon instances.

Not meant to be offensive, but how is this not done yet? Nearly everybody that runs more than one service manages, or should manage, their users with LDAP. Keeping separate user sets is just so 1987 (year before X.500 DAP was released).

I have gitea, nextcloud, matrix, xmpp, mail and probably some more stuff I've forgotten to mention with just one user set, and not being able to add Mastodon to that list is really unsatisfying.

While I agree that LDAP integration is important, the simple answer is because no one has implemented it yet. This is a community project in which people volunteer their free time to improve upon it for the greater good of society. Entitlement will not get you what you want faster than implementing the feature yourself and sending a merge request.

It was not intended to offend anyone or to make it seem as me not appreciating their work, I was just stating (or at least trying to) that this is a very important feature and that I was surprised that no one did it yet. I'd help with this myself, but I don't know any Ruby, and I don't intend to change that.

Is there any update on LDAP integration?

@Tdortiz there is #4032, which adds LDAP, which won't get merged before #3148 is merged, which adds CAS and SAML auth, and both currently wait for being reviewed. @Gargron was busy with ActivityPub stuff (which is arguably more important for most instances) and making the experience better for new users, maybe he has time to take a look at these two PRs now.

Any updates on this? I guess there are a lot of people like me who offer some services to friends and family or communities, which have already services running using LDAP.

Any updates?
