How to set up an LDAP authenticator

From Mumble Wiki
Jump to: navigation, search

In this guide we explain how to setup LDAP authentication for murmurd (aka mumble-server).


  • A mumble server with a DNS record (
  • Enable ICE with password protection in /etc/mumble-server.ini:
ice="tcp -h -p 6502"
  • An LDAP service account (cn=mumble,ou=dsa,dc=example,dc=com):
$ ldapsearch -ZZ -x -H ldap:// -D "cn=mumble,ou=dsa,dc=example,dc=com" -b ou=people,dc=example,dc=com -W -s sub '(uid=myldapusername)' -LLL
Enter LDAP Password: 
dn: uid=myldapusername,ou=people,dc=example,dc=com
cn: User Name
sn: Name
givenName: User
uid: myldapusername
displayName: User Name
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
roomNumber: 111

NOTE: Setting up a unique roomNumber in LDAP is important since this is the field we are using for uniqueness in Mumble.

Get the LDAP Authenticator

  • Download the LDAP authenticator and sample configuration:
# curl -s -OL
# curl -s -OL

Setup the LDAP Authenticator

  • Install the authenticator script:
# cp /usr/local/sbin/
# chmod +x /usr/local/sbin/
  • Install the config file:
# mkdir /etc/mumble-scripts
# cp LDAPauth.ini /etc/mumble-scripts
  • Edit the configuration (/etc/mumble-scripts/LDAPauth.ini) appropriately:
id_offset       = 1000000000
reject_on_error = True
reject_on_miss  = True

host            =
port            = 6502
slice           = /usr/share/slice/
secret          = MySecretIcePass
watchdog        = 30

bind_dn = cn=mumble,ou=dsa,dc=example,dc=com
bind_pass = MySecretLDAPPass
ldap_uri = ldaps://
users_dn = ou=people,dc=example,dc=com
discover_dn = false
username_attr = uid
number_attr = roomNumber
display_attr = cn
group_cn = cn=all,ou=groups,dc=example,dc=com
group_attr = member
provide_info = True
mail_attr = mail
provide_users = True

servers      = 

level   =
file    = /var/log/mumble-server/LDAPauth.log

Ice.ThreadPool.Server.Size = 5

NOTE: If you don't use ldaps:// all the LDAP communication will be in the clear!

Start as a systemd service

  • Create a systemd service file under /etc/systemd/system/mumble-ldapauth.service:
Description=LDAP Authentication Service for Mumble Server
Documentation= mumble-server.service


  • Start and enable the service:
# systemctl daemon-reload
# systemctl enable mumble-ldapauth.service
# systemctl start mumble-ldapauth.service
  • Verify:
# systemctl status mumble-ldapauth.service 
* mumble-ldapauth.service - LDAP Authentication Service for Mumble Server
   Loaded: loaded (/etc/systemd/system/mumble-ldapauth.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2019-09-01 00:29:50 PDT; 3s ago
 Main PID: 2544 (python)
    Tasks: 12 (limit: 4915)
   Memory: 44.4M
   CGroup: /system.slice/mumble-ldapauth.service
           `-2544 python /usr/local/sbin/

Sep 01 00:29:50 chat systemd[1]: Started LDAP Authentication Service for Mumble Server.
  • Restart both services:
# systemctl restart mumble-{server,ldapauth}.service

Connect to mumble

Use these client settings:

  • Address:
  • Port: 64738
  • Username: myldapusername
  • Label: My Mumble Server