# LDAP Settings

SessionLimit is software integrated with Active Directory and supports a single Active Directory domain. Mobile phone information is one of the most important parts of SMS integration, so the attribute that contains the mobile phone number must be selected on this screen.

Users can log in with either their **UserPrincipalName** or their **samAccountName**.

<figure><img src="/files/eYFGloFz3ycJNuhSjVaN" alt=""><figcaption></figcaption></figure>

## Create LDAP Connection <a href="#create-ldap-connection" id="create-ldap-connection"></a>

### Domain FQDN <a href="#domain-fqdn" id="domain-fqdn"></a>

Enter the FQDN of the Active Directory domain. This field also accepts a server name, but entering the domain FQDN is recommended. Example: domain.com

### Port/Secure <a href="#port-secure" id="port-secure"></a>

Enter the LDAP port. By default, an unsecured LDAP connection uses TCP 389 and a Secure LDAP connection uses TCP 636. If a custom port is used, it must be entered in this field.

The Secure option determines whether LDAP or Secure LDAP is used.

{% hint style="success" %}
Starting with SessionLimit 2.2.0, the LDAP Settings screen now supports using the **Global Catalog** ports **3268 (GC)** and **3269 (GC over SSL)**, in addition to the traditional LDAP ports **389** and **636**.

Using GC ports enables significantly faster Active Directory queries, especially in large environments or multi-domain forests. Both LDAP and GC ports are supported — simply changing the port value is sufficient to switch query mode.
{% endhint %}

<figure><img src="/files/auToCItkdIj4gZiQNR80" alt=""><figcaption></figcaption></figure>
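Before selecting a port and the Secure option, it helps to confirm from the SessionLimit server which of the four ports above are reachable and whether the secure ones present a certificate this machine trusts for the name entered in Domain FQDN. The script below is an added example, not SessionLimit code; `domain.com` is the page's sample FQDN, the parameter names are illustrative, and the check only covers the domain controller that DNS returns for the connection.

```powershell
# Added example, not SessionLimit code. Run from the SessionLimit server.
# 'domain.com' is the sample FQDN from this page; replace it with your own.
param(
    [string]$DomainFqdn = 'domain.com',
    [int]$TimeoutMs = 3000
)

# The four ports this page names, with whether the Secure option applies.
$targets = @(
    [pscustomobject]@{ Port = 389;  Mode = 'LDAP';        Tls = $false }
    [pscustomobject]@{ Port = 636;  Mode = 'Secure LDAP'; Tls = $true  }
    [pscustomobject]@{ Port = 3268; Mode = 'GC';          Tls = $false }
    [pscustomobject]@{ Port = 3269; Mode = 'GC over SSL'; Tls = $true  }
)

foreach ($t in $targets) {
    $row = [ordered]@{ Port = $t.Port; Mode = $t.Mode; Status = 'unreachable'
                       CertSubject = $null; CertExpires = $null }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Bounded connect so a filtered port does not stall the check.
        if (-not $client.ConnectAsync($DomainFqdn, $t.Port).Wait($TimeoutMs)) {
            throw 'connect timed out'
        }
        $row.Status = 'open (no TLS)'
        if ($t.Tls) {
            # Default validation: the chain must be trusted by this machine
            # and the certificate must be valid for the name in $DomainFqdn.
            $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
            try {
                $ssl.AuthenticateAsClient($DomainFqdn)
                $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
                $row.Status      = "TLS ok ($($ssl.SslProtocol))"
                $row.CertSubject = $cert.Subject
                $row.CertExpires = $cert.NotAfter
            } catch {
                $row.Status = 'TLS failed: ' + $_.Exception.GetBaseException().Message
            } finally {
                $ssl.Dispose()
            }
        }
    } catch {
        $row.Status = 'unreachable: ' + $_.Exception.GetBaseException().Message
    } finally {
        $client.Close()
    }
    [pscustomobject]$row
}
```

A `TLS failed` status on 636 or 3269 means the certificate chain or name did not validate from this machine, which is worth resolving before relying on the Secure option.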

### Authentication (Username/Password) <a href="#authentication-username-password" id="authentication-username-password"></a>

Selecting the Authentication option specifies that a dedicated user account is used for LDAP operations. If the Authentication option is not selected, the user account specified for the [IIS Application Pool](/tips-and-tricks/using-gmsa-account-in-application-pool.md) is used for the operations described below.

In the username field, enter the user account that connects to the Active Directory domain. This account must have the privileges to unlock accounts, reset passwords, read mobile phone information, and read the alternative username attribute. It is also preferable to grant this account the Replicate Directory Changes permission at the domain root level. With this permission, password history checks can be applied during password reset operations.

Use the Test buttons to test the LDAP connection.

## Edit LDAP <a href="#edit-ldap" id="edit-ldap"></a>

Click the edit button to select the mobile phone and alternative username attributes and to make changes to the LDAP connection.

### AD User Phone Attribute <a href="#a-d-user-phone-attribute" id="a-d-user-phone-attribute"></a>

The attribute to be used for the mobile phone is selected. If this attribute is protected, the account used for the LDAP connection needs read permission for this attribute.

### AD Manager Attribute

The Manager attribute is now available in SessionLimit. This enables time-extension workflows where approval requests can automatically be emailed to the user’s manager, allowing them to approve or decline the extension directly.

<figure><img src="/files/MDTysmom0xGkTsFJp5UB" alt=""><figcaption></figcaption></figure>


