Configuring LDAPS in Keycloak

Last Updated: Jun 10, 2026

Procedure

  1. Log in to the Keycloak Admin Console.
  2. In the left navigation pane, go to the realm where you want to configure LDAP.
  3. If you are using the default realm, select Master or the custom realm you want to configure.
  4. Click User Federation under Realm Settings.
  5. Click LDAP to configure LDAP.
  6. Click Add provider and select ldap.
    Note: For LDAPS, ensure the connection URL starts with ldaps://.

  7. Enter the required LDAP connection details.
  8. In the Use Truststore SPI field, select ldapsOnly if you have configured a custom truststore.
  9. Disable the Enable StartTLS option.
  10. Click Test authentication to connect Keycloak to your LDAP server.
  11. Save the configuration.

Example

The following is an example configuration:
Vendor: Other
Connection URL: ldaps://ldap.example.com:636
Bind Type: simple
Bind DN: cn=admin,dc=example,dc=com
Bind Credential: <your password>
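
A check for the settings this procedure requires, added here as an example and not taken from the original page or from Keycloak itself: it audits the LDAP providers in a realm export for a connection URL that is not ldaps://, an enabled StartTLS option, and a Use Truststore SPI value other than ldapsOnly. The export layout and the config key names (connectionUrl, startTls, useTruststoreSpi, authType, bindDn) are assumptions about how Keycloak serializes these fields, and the sample export is constructed.

```python
import json
from urllib.parse import urlsplit

# Constructed sample shaped like a Keycloak realm export. Assumed layout:
# LDAP providers live under components["org.keycloak.storage.UserStorageProvider"]
# and every config value is wrapped in a one-element list.
SAMPLE_EXPORT = json.dumps({
    "realm": "example",
    "components": {"org.keycloak.storage.UserStorageProvider": [
        {"name": "ldap-ok", "providerId": "ldap", "config": {
            "connectionUrl": ["ldaps://ldap.example.com:636"],
            "startTls": ["false"], "useTruststoreSpi": ["ldapsOnly"],
            "authType": ["simple"], "bindDn": ["cn=admin,dc=example,dc=com"]}},
        {"name": "ldap-bad", "providerId": "ldap", "config": {
            "connectionUrl": ["ldap://ldap.example.com:389"],
            "startTls": ["true"], "useTruststoreSpi": ["never"],
            "authType": ["simple"], "bindDn": ["cn=admin,dc=example,dc=com"]}},
    ]},
})

def first(config, key, default=""):
    """Return the single value stored under key, or default if absent/empty."""
    values = config.get(key) or [default]
    return values[0]

def audit_ldap_providers(export_json, custom_truststore=True):
    """Return {provider name: [findings]} for every LDAP provider in the export."""
    realm = json.loads(export_json)
    providers = realm.get("components", {}).get(
        "org.keycloak.storage.UserStorageProvider", [])
    report = {}
    for p in providers:
        if p.get("providerId") != "ldap":
            continue  # skip non-LDAP federation providers
        cfg, findings = p.get("config", {}), []
        url = first(cfg, "connectionUrl")
        if urlsplit(url).scheme.lower() != "ldaps":
            findings.append(f"connection URL {url!r} does not start with ldaps://")
        if first(cfg, "startTls", "false").lower() == "true":
            findings.append("Enable StartTLS is on; disable it for LDAPS")
        if custom_truststore and first(cfg, "useTruststoreSpi") != "ldapsOnly":
            findings.append("Use Truststore SPI is not ldapsOnly")
        if first(cfg, "authType") == "simple" and not first(cfg, "bindDn"):
            findings.append("Bind Type is simple but Bind DN is empty")
        report[p.get("name", "<unnamed>")] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit_ldap_providers(SAMPLE_EXPORT).items():
        print(name, "OK" if not findings else findings)
```

Pass custom_truststore=False when no custom truststore is configured, since the page ties the ldapsOnly setting to that case.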