Finish preliminary LDAP

backend/src/ee/services/license/__mocks__/licence-fns.ts

@@ -17,8 +17,9 @@ export const getDefaultOnPremFeatures = () => {
     customAlerts: false,
     auditLogs: false,
     auditLogsRetentionDays: 0,
-    samlSSO: true,
-    scim: true,
+    samlSSO: false,
+    scim: false,
+    ldap: false,
     status: null,
     trial_end: null,
     has_used_trial: true,

backend/src/ee/services/license/licence-fns.ts

@@ -23,9 +23,9 @@ export const getDefaultOnPremFeatures = (): TFeatureSet => ({
   customAlerts: false,
   auditLogs: false,
   auditLogsRetentionDays: 0,
-  samlSSO: true,
-  scim: true,
-  ldap: true,
+  samlSSO: false,
+  scim: false,
+  ldap: false,
   status: null,
   trial_end: null,
   has_used_trial: true,

backend/src/ee/services/license/license-types.ts

@@ -24,9 +24,9 @@ export type TFeatureSet = {
   customAlerts: false;
   auditLogs: false;
   auditLogsRetentionDays: 0;
-  samlSSO: true;
-  scim: true;
-  ldap: true;
+  samlSSO: false;
+  scim: false;
+  ldap: false;
   status: null;
   trial_end: null;
   has_used_trial: true;

docs/documentation/platform/ldap/general.mdx

@@ -0,0 +1,36 @@
+---
+title: "General LDAP"
+description: "Log in to Infisical with LDAP"
+---
+
+<Info>
+    LDAP is a paid feature.
+   
+   If you're using Infisical Cloud, then it is available under the **Enterprise Tier**. If you're self-hosting Infisical,
+   then you should contact team@infisical.com to purchase an enterprise license to use it.
+</Info>
+
+You can configure your organization in Infisical to have members authenticate with the platform via [LDAP](https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol)
+
+<Steps>
+   <Step title="Prepare the LDAP configuration in Infisical">
+        In Infisical, head to your Organization Settings > Authentication > LDAP Configuration and select **Set up LDAP**.
+        
+        Next, input your LDAP server settings.
+        
+        ![LDAP configuration](/images/platform/ldap/ldap-config.png)
+        
+        Here's some guidance for each field:
+
+        - URL: The LDAP server to connect to such as `ldap://ldap.your-org.com`, `ldaps://ldap.myorg.com:636` (for connection over SSL/TLS), etc.
+        - Bind DN: The distinguished name of object to bind when performing the user search such as `cn=infisical,ou=Users,dc=acme,dc=com`.
+        - Bind Pass: The password to use along with `Bind DN` when performing the user search.
+        - Search Base / User DN: Base DN under which to perform user search such as `ou=Users,dc=example,dc=com`
+        - CA Certificate: The CA certificate to use when verifying the LDAP server certificate.
+   </Step>
+   <Step title="Enable LDAP in Infisical">
+        Enabling LDAP allows members in your organization to log into Infisical via LDAP.
+        
+        ![LDAP toggle](/images/platform/ldap/ldap-toggle.png)
+   </Step>
+</Steps>

docs/documentation/platform/ldap/overview.mdx

@@ -15,4 +15,9 @@ To note, configuring LDAP retains the end-to-end encrypted architecture of Infis
 
 LDAP providers:
 
-- [JumpCloud LDAP](/documentation/platform/ldap/jumpcloud)
+- Active Directory
+- [JumpCloud LDAP](/documentation/platform/ldap/jumpcloud)
+- AWS Directory Service
+- Foxpass
+
+Check out the general instructions for configuring LDAP [here](/documentation/platform/ldap/general).

docs/mint.json

@@ -153,7 +153,8 @@
           "group": "LDAP",
           "pages": [
             "documentation/platform/ldap/overview",
-            "documentation/platform/ldap/jumpcloud"
+            "documentation/platform/ldap/jumpcloud",
+            "documentation/platform/ldap/general"
           ]
         },
         {

frontend/src/hooks/api/subscriptions/types.ts

@@ -19,6 +19,7 @@ export type SubscriptionPlan = {
   environmentLimit: number;
   samlSSO: boolean;
   scim: boolean;
+  ldap: boolean;
   status:
     | "incomplete"
     | "incomplete_expired"