IdentityServer.LdapExtension 1.0.0

.NET Standard 2.0
There is a newer version of this package available.
See the version list below for details.
dotnet add package IdentityServer.LdapExtension --version 1.0.0
NuGet\Install-Package IdentityServer.LdapExtension -Version 1.0.0
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="IdentityServer.LdapExtension" Version="1.0.0" />
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add IdentityServer.LdapExtension --version 1.0.0
#r "nuget: IdentityServer.LdapExtension, 1.0.0"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.
// Install IdentityServer.LdapExtension as a Cake Addin
#addin nuget:?package=IdentityServer.LdapExtension&version=1.0.0

// Install IdentityServer.LdapExtension as a Cake Tool
#tool nuget:?package=IdentityServer.LdapExtension&version=1.0.0

Build status


IdentityServer4 Ldap Extension (OpenLdap or ActiveDirectory).

Table of content


<a name="installation"/>

The plugin is easy to install to your solution. Built using .Net Standard 2.0. The Nuget package can be installed by either searching the package IdentityServer.LdapExtension or by typing the following command in your package console:

Install-Package IdentityServer.LdapExtension

Configuration on IdentityServer4 server

<a name="IS.BaseConfiguration"/>

An easy extension method have been created in order to add the LDAP as a provider to your IdentityServer. For this you simply have to use the AddLdapUsers<TApplicationUser>(LdapConfigSection, StoreTypeOrCustomStore). The configuration has to be provided or it won't work. The configuration is described here.

In the Startup.cs under ConfigureServices method, you will have something similar to the following by default (Starter pack for IdentityServer). The last line is what you will need to add in order to get started.

// ... Code ...
    .AddLdapUsers<OpenLdapAppUser>(Configuration.GetSection("ldap"), UserStore.InMemory);
// ... Code ...

Application User: 2 (OpenLdapAppUser, ActiveDirectoryAppUser) have been provided with this extension, but you can use your own as long as you implement the interface IAppUser. I encourrage you to provide your own implementation. You might want to have claims/roles based on an active directory group or your attributes within LDAP are not the one I have defined.

Store types:

  1. UserStore.InMemory: Can be used when you test locally. It stores the logged in user in memory in order to avoid querying the LDAP server over and over. It is also used in order to store the external logged in user details (Google, Facebook, etc.).
  2. UserStore.Redis: Same as in memory, but is persisted and will be ready when you restart.
  3. ILdapUserStore implementation: Build your own store implementation and pass it as a parameter.

AppSettings Configuration

<a name="IS.AppSettings"/>

The appsettings.json will require a configuration for the extension. Here's an example using OpenLdap:

  "ldap": { // Name can be of your choosing
    "url": "localhost",
    "port": 389,
    "bindDn": "cn=ldap-ro,dc=contoso,dc=com",
    "bindCredentials": "P@ss1W0Rd!",
    "searchBase": "ou=users,DC=contoso,dc=com",
    "searchFilter": "(&(objectClass=posixAccount)(objectClass=person)(uid={0}))"
    // "redis": "localhost:32771,ssl=false", // Required if using UserStore.Redis 

If you want to see a working demo, you can open the implementation available the sample folder. It is based on the QuickStart from IdentityServer4 WebSite.

You don't have a LDAP for your tests?

<a name="Ldap.Test"/>

It's not a big problem. I wrote a small tutorial/article in order to setup an entire OpenLdap server within Docker in order to not pollute your PC and also to avoid relying on network admnistrator. That way you can play with existing users or create your own users directory. The tutorial/article is available at

Features in progress

<a name="NewFeature"/>

I plan to work on the following:

  • Create a demo page using VueJS + Dotnet instead of Angular demo.
  • Implement the SSL
  • Implement a cache invalidation based on time (After x time without being hit, remove from redis or from memory).


  • Me, the author of the package (@Nordes)

Thanks to:

  • @marianahycit


<a name="license"/>


Regarding the IdentityServer4 Sample - Apache 2 (due to original code a bit updated)

Product Versions
.NET net5.0 net5.0-windows net6.0 net6.0-android net6.0-ios net6.0-maccatalyst net6.0-macos net6.0-tvos net6.0-windows net7.0 net7.0-android net7.0-ios net7.0-maccatalyst net7.0-macos net7.0-tvos net7.0-windows
.NET Core netcoreapp2.0 netcoreapp2.1 netcoreapp2.2 netcoreapp3.0 netcoreapp3.1
.NET Standard netstandard2.0 netstandard2.1
.NET Framework net461 net462 net463 net47 net471 net472 net48 net481
MonoAndroid monoandroid
MonoMac monomac
MonoTouch monotouch
Tizen tizen40 tizen60
Xamarin.iOS xamarinios
Xamarin.Mac xamarinmac
Xamarin.TVOS xamarintvos
Xamarin.WatchOS xamarinwatchos
Compatible target framework(s)
Additional computed target framework(s)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last updated
3.1.0 11,196 4/14/2021
2.1.49 31,893 6/10/2020
2.1.29 14,582 1/29/2020
2.1.13 2,684 11/29/2019
2.1.8 15,864 4/11/2019
2.1.7 2,729 3/5/2019
2.1.0 2,892 12/1/2018
2.0.0 1,882 11/10/2018
1.0.0 3,575 4/22/2018