v.21.2New Features

Added LDAP Group Mapping to Local User Roles

Published: November 25, 2025

Added support of mapping LDAP group names, and attribute values in general, to local roles for users from ldap user directories. #17211 (Denis Glazachev).

Added support for mapping LDAP group names and attribute values to local roles for users from LDAP user directories in ClickHouse.

Why it matters

This feature enables automatic assignment of local roles based on LDAP groups or attributes, simplifying user management and access control for environments using LDAP authentication. It solves the problem of manual role mapping by providing a flexible, integrated approach to map LDAP data to ClickHouse roles.

How to use it

Configure the LDAP user directory settings in ClickHouse to define mappings between LDAP group names or attribute values and local roles. This allows ClickHouse to assign roles dynamically when users authenticate via LDAP, streamlining permissions management.

Related resources

Pull Request #17211