Pro Custodibus can connect to your internal LDAP or Microsoft Active Directory (AD) servers, allowing you to manage your WireGuard networks from your usual LDAP or AD tools. Pro Custodibus can synchronize the configuration settings for your WireGuard hosts and interfaces from your LDAP/AD store to the WireGuard hosts themselves. It can also allow your users to log into Pro Custodibus to set up WireGuard on their own devices, or to use WireGuard with Multi-Factor Authentication.

Set Up

The connection between Pro Custodibus and your LDAP/AD servers is itself secured by WireGuard. This requires some initial coordination with our support team. See the LDAP Set Up documentation for more details.


Each host you want to manage via LDAP/AD should be represented as an entity in your directory store (for example, as a Device or a Computer). You can specify one or more groups of hosts to synchronize with Pro Custodibus. See the LDAP Hosts documentation for more details.


If you want to manage more than one interface for a host, additional interfaces should also be represented as entities. You can specify groups of these interfaces to synchronize with Pro Custodibus, the same way you specify groups of hosts. See the LDAP Interfaces documentation for more details.


If you want to allow users to log into Pro Custodibus to set up WireGuard on their own devices, or to use WireGuard MFA, you can specify a group containing those users to synchronize with Pro Custodibus. They should be connected to the hosts they use via an attribute of the host (for example, via the Owner or Managed-By attribute). See the LDAP Users documentation for more details.

Getting Started

To get started with the Pro Custodibus LDAP/AD integration:

  1. Set up the initial integration.

  2. Edit the configuration settings.

  3. Check the polling status.