LDAP4Claude
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@LDAP4Claudelook up user jdoe@company.com"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
LDAP4Claude
An MCP (Model Context Protocol) server that connects Claude Code to LDAP / Active Directory.
Features
User lookup — search by name, email, username, or raw LDAP filter
Group management — list groups, get members, check membership (supports nested groups)
Authentication — verify user credentials via LDAP bind
Role mapping — map AD groups to application roles (admin, editor, reader, etc.)
Related MCP server: LegacyMCP
Quick Start
npm install
npm run buildConfiguration
Set environment variables (see .env.example):
Variable | Required | Default | Description |
| Yes | — | Server hostname or IP |
| No |
| Service port |
| Yes | — | Search base DN |
| Yes | — | Service account bind DN |
| Yes | — | Service account password |
| No |
| Use |
| No |
| Reject self-signed certs |
| No |
| Connection timeout (ms) |
| No |
| Role mapping file path |
Register with Claude Code
Add to ~/.claude.json:
{
"mcpServers": {
"ldap4claude": {
"command": "node",
"args": ["/path/to/LDAP4Claude/build/index.js"],
"env": {
"LDAP_HOST": "dc.company.com",
"LDAP_BASE_DN": "dc=company,dc=com",
"LDAP_BIND_DN": "cn=service-account,cn=users,dc=company,dc=com",
"LDAP_BIND_PASSWORD": "password"
}
}
}
}Available Tools
User Tools
Tool | Description |
| Search users by name, email, username, or custom LDAP filter |
| Get detailed user info (title, department, groups, status) |
| List all groups a user belongs to (supports recursive) |
Group Tools
Tool | Description |
| List/search groups (security or distribution) |
| Get members of a group (supports nested) |
| Check if a user is in a specific group |
Authentication
Tool | Description |
| Verify username + password against AD |
Role Management
Tool | Description |
| Map AD groups to an application role |
| View current role mappings |
| Delete a role mapping |
| Get a user's application roles based on group membership |
Role Mapping
Edit config/role-mappings.json or use the ldap_role_mapping_set tool:
{
"admin": ["Domain Admins", "IT Admins"],
"editor": ["Content Team"],
"reader": ["Domain Users"]
}Then query a user's roles with ldap_get_user_roles — it checks the user's AD groups against these mappings and returns which roles apply.
Architecture

graph TB
subgraph Claude["Claude Code (Client)"]
CC[Claude Code]
end
subgraph MCP["MCP Server (stdio transport)"]
direction TB
IDX[index.ts\nEntry Point]
subgraph Tools["Tool Layer"]
UT["user-tools.ts\nldap_search_users\nldap_get_user\nldap_get_user_groups"]
GT["group-tools.ts\nldap_list_groups\nldap_get_group_members\nldap_check_group_membership"]
AT["auth-tools.ts\nldap_authenticate"]
RT["role-tools.ts\nldap_role_mapping_set/get/delete\nldap_get_user_roles"]
end
subgraph Core["Core Layer"]
LC["ldap-client.ts\nLdapClient"]
RM["role-manager.ts\nRoleManager"]
CFG["config.ts\nZod validation"]
end
subgraph Utils["Utils"]
ESC["ldap-escape.ts\nRFC 4515 filter escaping"]
end
end
subgraph LDAP["Active Directory / LDAP Server"]
SA["Service Account\nPersistent bind"]
UA["User Auth\nTemporary bind"]
end
subgraph Storage["Local Storage"]
JSON["role-mappings.json\nAtomic write"]
end
CC -- "JSON-RPC\n(stdin/stdout)" --> IDX
IDX --> Tools
IDX --> CFG
IDX --> LC
IDX --> RM
UT --> LC
GT --> LC
AT --> LC
RT --> LC
RT --> RM
LC --> ESC
LC -- "ldap/ldaps bind\n(service account)" --> SA
LC -- "separate Client\nper auth request" --> UA
RM -- "read/write\n(tmp + rename)" --> JSONLicense
MIT
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/ct9915/LDAP4Claude'
If you have feedback or need assistance with the MCP directory API, please join our Discord server