Qeet Docs
Enterprise

LDAP / AD

Bind-based authentication against LDAP / Active Directory — connection CRUD and a test-bind endpoint.

Qeet ID supports LDAP (and Active Directory) authentication via bind login: users authenticate against your directory, and Qeet ID verifies by binding with their credentials. Connections are managed per tenant, with a test-bind to validate config before going live.

Manage connections

GET/v1/tenants/{tenantID}/ldapList LDAP connections
POST/v1/tenants/{tenantID}/ldapCreate a connection
PUT/v1/tenants/{tenantID}/ldap/{id}Update a connection
DELETE/v1/tenants/{tenantID}/ldap/{id}Delete a connection

Test the bind

Validate host, base DN, bind credentials, and TLS before enabling the connection.

POST/v1/tenants/{tenantID}/ldap/{id}/testTest bind

Authenticate

POST/ldap/{id}/authenticateBind-authenticate a user
Bash
curl -X POST https://api.qeetid.com/ldap/$CONN_ID/authenticate \
  -H "Content-Type: application/json" \
  -d '{"username":"alex","password":"…"}'

Use LDAPS / StartTLS

Bind authentication sends credentials to the directory. Always use LDAPS or StartTLS in production so credentials aren't sent in the clear. Validate with the test-bind endpoint first.

SCIM 2.0 (Users + Groups)

Okta/Entra-style provisioning and deprovisioning — SCIM Users, Groups, and PatchOp membership sync, with per-tenant bearer tokens.

Authorization

RBAC with a single-call /check, group-level roles, explainable authz (the grant-path trace), and ABAC policy.

On this page

Manage connectionsTest the bindAuthenticate