Authentication can be managed through a LDAPĀ (or Active Directory) server. It allows you to start using Kitsu directly with the accounts listed in your LDAP.

Activate LDAP

To activate LDAP, you must set the AUTH_STRATEGY environment variable with the following value:


NB: If you are using Active directory you must set the IS_LDAP flag to true.

Required environment variables

Once this authentication scheme selected, you must set the following variables:

  • LDAP_HOST (default: ""): the IP address of your LDAP server.
  • LDAP_PORT (default: "389"): the listening port of your LDAP server.
  • LDAP_BASE_DN (default: "CN=Users,DC=studio,DC=local"): the base domain of your LDAP configuration.
  • LDAP_DOMAIN (default: "studio.local"): the domain used for your LDAP authentication.
  • LDAP_FALLBACK (default: "False"): Set to True if you want to allow admins to fallback on default auth strategy when the LDAP server is down.
  • LDAP_IS_AD (default: "False"): Set to True if you use LDAP with active directory.



User list synchronization

You will have to synchronize the user list with users from the LDAP. A good option is to handle it via a Python script. But, to makes things simpler, we added a command in zou binary to do it for you. It's a one way sync. We consider that Zou should not alter your LDAP user list.

This command requires additional environment variables:

  • LDAP_USER: Username of a LDAP user that can lists all LDAP users.
  • LDAP_PASSWORD: Password of a LDAP user that can lists all LDAP users.
  • LDAP_EMAIL_DOMAIN: User email will be built with username + @ + email domain.
  • LDAP_EXCLUDED_ACCOUNTS: Set the list of people that should not be created in Kitsu API (Zou).


DB_HOST=yourdbhost \
LDAP_BASE_DN=CN=Users,DC=mystudio,DC=local \
LDAP_DOMAIN=mystudio.com \
LDAP_USER=myusername \
LDAP_PASSWORD=myuserpassword \
LDAP_EMAIL_DOMAIN=mystudio.com \
LDAP_EXCLUDED_ACCOUNTS=Administrator,TestAccount \
zou sync-with-ldap-server

Note about Kitsu

When LDAP is activated, it is not possible anymore to change following user information through the Kitsu web UI:

  • email
  • first name
  • last name
  • avatar