--- title: "Add multiple users via LDAP" slug: "add-multiple-users-via-ldap" tags: ["LDAP Authentication", "User Provider"] updated: 2025-07-30T10:39:18Z published: 2025-07-30T10:39:18Z stale: true --- > ## Documentation Index > Fetch the complete documentation index at: https://support.anydesk.com/llms.txt > Use this file to discover all available pages before exploring further. # Add multiple users via LDAP > [!NOTE] > **License:** Ultimate-Cloud > > **Relevant for:** Organization owner or Admin The **LDAP** user provider enables organization owners to set up authentication using a directory service, such as Microsoft Active Directory, OpenLDAP, or OpenDJ, to validate users’ credentials. LDAP directories are a standard method for storing user, group, and permission data and integrating that with other applications. When LDAP is enabled in [my.anydesk II](https://my.anydesk.com/v2), users in your organization can sign in using SSO with the organization ID and their corporate credentials. You can also import LDAP roles into **my.anydesk II** for integrated access control. > [!NOTE] > 🦉 For more details on user provider types, see [**this article**](/v1/docs/single-sign-on-sso). --- ## Organization certificates The **Organization certificates** section lists all certificates associated with your organization. Certificates, typically in `.pem` format, secure the communication between **my.anydesk II**and your **LDAP provider**. To add a certificate to your organization: 1. Sign in to [my.anydesk II](https://my.anydesk.com/v2) and go to **Organization**. 2. Under **General**, click **Edit**, and then select **LDAP** as the user provider. 3. In the **Switch active provider** dialog, click **Proceed**. 4. Scroll down to **Organization certificates** and click **Add new certificate**. 5. In the dialog, paste the content of the `.pem` file or drag and drop the file. 6. Click **Add new certificate**. --- ## Configure LDAP You need to configure your LDAP provider to establish a connection with **my.anydesk II**. To configure LDAP in [my.anydesk II](https://my.anydesk.com/v2): 1. In [my.anydesk II](https://my.anydesk.com/v2), open the **Organization** tab. 2. Under **General**, click **Edit**, and select **LDAP** as the user provider. 3. In the **Switch active provider** dialog, click **Proceed**. 4. Scroll to **LDAP Setup**, click **Edit**, and provide the following: - **RDN LDAP attribute** - attribute used as the top attribute of user DN (often the same as username, e.g. `cn` or `sAMAccountName`). - **UUID LDAP attribute** - attribute used as the unique identifier (e.g. `objectGUID`, or `uid`/`entryDN`). - **User object classes** - comma‑separated classes such as `inetOrgPerson,organizationalPerson`. - **Connection URL** - URL of your LDAP server. - **Users DN** - base DN where user entries reside (e.g. `ou=users,dc=example,dc=com`). - **Bind DN** and **Bind credential** - credentials for LDAP access. - **User search filter** - optional LDAP filter for limiting which user entries are retrieved (e.g. `(filtername)`). - **Batch size** - number of LDAP entries retrieved per transaction. - **Periodic full sync** - toggle on if you want a full sync; then specify **Full sync period** (in seconds). - **Periodic changed users sync** - toggle on to sync changed or new users; then set **Changed sync period** (in seconds). ![](https://cdn.document360.io/b94c9ac2-20ec-4c7e-b325-135b0ed113f9/Images/Documentation/image(95).png) 5. Click **Finish edit**. Once configured, users (subject to any filter applied) from your LDAP directory can [sign in to my.anydesk II using the organization ID](/v1/docs/sign-in-to-your-account#sign-in-to-your-account-using-single-signon-sso). --- ## Import roles You can import LDAP roles into [my.anydesk II](https://my.anydesk.com/v2) to manage permissions based on group membership. 1. Go to **Organization**, click **Edit** under **General**, and reselect **LDAP** as the provider. 2. In the **Switch active provider** dialog, click **Proceed**. 3. Scroll to **Import roles**, click **Edit**, and configure: - **Roles DN** - base DN under which role objects are located (e.g. `ou-roles,dc=example,dc=org`). - **Role name LDAP attribute** - attribute used for role names/RDNs (commonly `cn`). - **Role object class** - class(es) of role objects (e.g. `groupOfNames`, or `group` for AD). - **LDAP filter** - optional filter to limit which roles are imported; format as `(filtername)` if used. - **User roles retrieve strategy** - select one of the following ways of retrieving user roles: - *Load roles by ‘member’ attribute* - query role entries where `member= user DN`. - *Get roles from user ‘memberOf’ attribute* - read roles from the `memberOf` attribute on the user. - **Membership attribute type** - select depending on strategy: - *DN* (for `member` attribute) - *UID* (for `memberUid` attribute) - *memberOf* (for using the user’s memberOf field) 4. Click **Finish edit**. After completing this setup, LDAP group assignments are available in [my.anydesk II](https://my.anydesk.com/v2) for role‑based access control. ## Related - [Configure Single Sign-On (SSO)](/single-sign-on-sso.md) - [Set up an Organization](/set-up-an-organization.md)