---
title: Enabling LDAP authentication
description: You can enable LDAP authentication by using the configuration files located in the <pf_install>/pingfederate/bin directory.
component: pingfederate
version: 13.1
page_id: pingfederate:administrators_reference_guide:pf_enabling_ldap_auth
canonical_url: https://docs.pingidentity.com/pingfederate/13.1/administrators_reference_guide/pf_enabling_ldap_auth.html
llms_txt: https://docs.pingidentity.com/pingfederate/llms.txt
docs_for_agents: https://developer.pingidentity.com/build-with-ai/docs-for-agents.md
revdate: July 5, 2022
section_ids:
  about-this-task: About this task
  steps: Steps
---

# Enabling LDAP authentication

You can enable LDAP authentication by using the configuration files located in the `<pf_install>/pingfederate/bin` directory.

## About this task

When LDAP authentication is configured, PingFederate does not lock out administrative users based upon the number of failed sign-on attempts. Instead, responsibility for preventing access is delegated to the LDAP server and enforced according to its password lockout settings.

## Steps

1. In the `<pf_install>/pingfederate/bin/run.properties` file, change the value of the `pf.console.authentication` property as shown. `pf.console.authentication=LDAP`

2. In the `<pf_install>/pingfederate/bin/ldap.properties` file, change property values as needed for your network configuration.

   For more information, see the comments in the file.

   The roles configured in the properties file apply to both the administrative console and the administrative API.

   |   |                                                                                                                                                       |
   | - | ----------------------------------------------------------------------------------------------------------------------------------------------------- |
   |   | Remember to assign LDAP users or designated LDAP groups to at least one of the PingFederate administrative roles as indicated in the properties file. |

   |   |                                                                                                                                                     |
   | - | --------------------------------------------------------------------------------------------------------------------------------------------------- |
   |   | You can also use this configuration file in conjunction with RADIUS authentication to determine permissions dynamically through an LDAP connection. |

3. Start or restart PingFederate.