.. tvb1581377605743 .. _overview-of-ldap-servers: ======================== Overview of LDAP Servers ======================== |prod-long| can be configured to use an |LDAP| compatible server, like a remote Windows Active Directory server or the Local |LDAP| server, to authenticate users of the Kubernetes API, using the **oidc-auth-apps** application. The Local |LDAP| server is present in |prod| deploys. This server runs on the controllers. The only exception is the |DC| environments, where this |LDAP| server runs only on the SystemController's controllers, it is not present in the subcloud's controllers. The **oidc-auth-apps** application installs a proxy |OIDC| identity provider that can be configured to proxy authentication requests to an |LDAP|'s identity provider, such as Windows Active Directory or Local |LDAP|. For more information, see `https://github.com/dexidp/dex `__. The **oidc-auth-apps** application also provides an |OIDC| client for accessing the username and password |OIDC| login page for user authentication and retrieval of tokens. An **oidc-auth** CLI script can also be used for |OIDC| user authentication and retrieval of tokens. In addition to installing and configuring the **oidc-auth-apps** application, the admin must also configure Kubernetes cluster's **kube-apiserver** to use the **oidc-auth-apps** |OIDC| identity provider for validation of tokens in Kubernetes API requests.