Feature Title
LDAP Authentication Support
Feature Description
Problem
OpenSign currently only supports email/password login. For self-hosted environments using LDAP directories (LLDAP, Active Directory, OpenLDAP), this means:
- Administrators must manually create and manage user accounts in two places
- Users must maintain separate credentials for OpenSign
- Onboarding/offboarding requires double the administrative work
Proposed Solution
Add LDAP authentication as an optional backend, configurable via environment variables:
LDAP_ENABLED=true
LDAP_HOST=ldap.example.com
LDAP_PORT=389
LDAP_BIND_DN=uid=admin,ou=people,dc=example,dc=com
LDAP_BIND_PASSWORD=secret
LDAP_SEARCH_BASE=dc=example,dc=com
LDAP_USER_FILTER=(&(objectClass=person)(uid={{input}}))
LDAP_EMAIL_ATTR=mail
LDAP_NAME_ATTR=displayName
Expected Behavior
- User enters their LDAP credentials on the OpenSign login page
- OpenSign authenticates against the LDAP server
- On first successful login, a local OpenSign account is automatically provisioned
- No manual account creation needed
Context
LDAP is standard in nearly every other self-hosted application (Vaultwarden, Nextcloud, Grafana, Gitea). Adding this would significantly lower the barrier for organizations to adopt OpenSign.
What type of feature are you requesting?
Other
Importance
High
Additional Context
No response
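An added example, not part of the original request and not OpenSign code: one way the `{{input}}` substitution in `LDAP_USER_FILTER` and the checks before the user bind could be written so that the login name cannot change the filter's structure. The function names are hypothetical and the sample inputs are constructed; the escaping follows RFC 4515 and the empty-password rule follows RFC 4513.

```javascript
// Hypothetical helpers for the proposed LDAP backend (illustration only).

// RFC 4515 section 3: these characters must appear as \XX inside a filter value.
const FILTER_ESCAPES = { '\\': '\\5c', '*': '\\2a', '(': '\\28', ')': '\\29', '\0': '\\00' };

function escapeFilterValue(value) {
  return String(value).replace(/[\\*()\0]/g, (ch) => FILTER_ESCAPES[ch]);
}

// Put the escaped login name into every {{input}} placeholder of the template.
// split/join is used so "$" in the input is never treated as a replacement pattern.
function buildUserFilter(template, input) {
  if (!template.includes('{{input}}')) {
    throw new Error('LDAP_USER_FILTER must contain {{input}}');
  }
  return template.split('{{input}}').join(escapeFilterValue(input));
}

// Checks to run after the service-account search and before binding as the user.
function checkLoginAttempt(username, password, searchResults) {
  if (typeof username !== 'string' || username.trim() === '') {
    return 'reject: empty username';
  }
  // RFC 4513 section 5.1.2: a bind with a DN and an empty password is an
  // "unauthenticated bind", which a server may report as successful.
  if (typeof password !== 'string' || password.length === 0) {
    return 'reject: empty password';
  }
  // Zero matches means unknown user; more than one means an ambiguous filter.
  if (searchResults.length !== 1) {
    return 'reject: filter did not match exactly one entry';
  }
  return 'bind as ' + searchResults[0].dn;
}

// Filter template from the proposal; the login names below are constructed samples.
const TEMPLATE = '(&(objectClass=person)(uid={{input}}))';

function demo() {
  return {
    normal: buildUserFilter(TEMPLATE, 'alice'),
    wildcard: buildUserFilter(TEMPLATE, '*'),
    extraClause: buildUserFilter(TEMPLATE, 'alice)(mail=*'),
  };
}

console.log(demo());
```

The DN returned by the search, not the raw login name, is what the user bind should use, and auto-provisioning should only happen after that bind succeeds.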