---
title: "Sync users ABAC attributes from LDAP"
slug: "sync-users-abac-attributes-from-ldap"
updated: 2026-06-08T12:46:40Z
published: 2026-06-08T12:46:40Z
---

> ## Documentation Index
> Fetch the complete documentation index at: https://developer.rocket.chat/llms.txt
> Use this file to discover all available pages before exploring further.

# Sync users ABAC attributes from LDAP

Post/api/v1/abac/users/sync![Defense](https://raw.githubusercontent.com/RocketChat/Rocket.Chat-Open-API/main/images/Defense.svg)

- Syncs ABAC attributes for specified users from LDAP.
- Refreshes user ABAC attributes by reading current data from LDAP and applying the configured LDAP → ABAC attribute mapping.
- Users can be identified by usernames, ids, emails, or ldapIds.
- Requires the LDAP Enterprise and ABAC licenses, the `abac-management` and `manage-abac-admin-room-attributes` permissions, and the global setting `ABAC_Enabled` to be turned on.

### Changelog

| Version | Description |
| --- | --- |
| 8.0.0 | Added |
| 8.5.0 | Added the `manage-abac-admin-room-attributes` granular permission requirement. |

Header parametersX-Auth-TokenstringRequired

The `authToken` of the authenticated user.

ExampleRScctEHSmLGZGywfIhWyRpyofhKOiMoUIpimhvheU3f
X-User-IdstringRequired

The `userId` of the authenticated user.

ExamplerbAXPnMktTFbNpwtJ

Body parameters

At least one of these properties is required:

- usernames (string[]) — Array of Rocket.Chat usernames (1–100 items, unique)
- ids (string[]) — Array of Rocket.Chat user IDs (1–100 items, unique)
- emails (string[]) — Array of email addresses (1–100 items, unique)
- ldapIds (string[]) — Array of LDAP IDs (1–100 items, unique)

<select class='api-response-data' aria-label='Media type'><option value='96bd2013-5d57-45df-ac91-78aa0d614513'>application/json</option>
</select><select class='select-example' aria-label='Media type'><option value='a1edd907-e497-4617-ab1e-685ca3dad597'>Example 1</option>
</select>Example 1

```json
{
  "usernames": [
    "alice"
  ],
  "ids": [
    "userId1"
  ],
  "emails": [
    "bob@example.com"
  ],
  "ldapIds": [
    "ldapId123"
  ]
}
```

object  usernames Array of string   string    
ids Array of string   string    
emails Array of string   string    
ldapIds Array of string   string    

Responses200

OK

<select class='api-response-data' aria-label='Media type'><option value='400a4409-15b9-4c76-b848-d7fb844b6776'>application/json</option>
</select><select class='select-example' aria-label='Media type'><option value='1fd69c4e-2442-4a96-9eb0-ca5aaaa04ba5'>Success</option>
</select>Success

```json
{
  "success": true
}
```

object  successboolean    

400

Bad Request

<select class='api-response-data' aria-label='Media type'><option value='639c6e39-c181-427a-bb43-9494301c248b'>application/json</option>
</select><select class='select-example' aria-label='Media type'><option value='d8d01009-da9c-479f-ae75-e1b349a0a2f6'>ABAC disabled</option>
<option value='228f8d97-1327-455a-8e32-53d4dfcc040b'>Invalid body (schema validation)</option>
</select>ABAC disabled

```json
{
  "success": false,
  "error": "error-abac-not-enabled"
}
```

Invalid body (schema validation)

```json
{
  "success": false,
  "error": "error-invalid-body-params"
}
```

object  successboolean    
errorstring    

401

Unauthorized

<select class='api-response-data' aria-label='Media type'><option value='701aef05-5cd3-40e7-ac18-fccff853974a'>application/json</option>
</select><select class='select-example' aria-label='Media type'><option value='c8880548-b91b-483f-bd1f-b7b9ee57537c'>Unauthorized login attempt</option>
</select>Unauthorized login attempt

```json
{
  "success": false,
  "error": "error-unauthorized"
}
```

object  successboolean    
errorstring    

403

Forbidden

<select class='api-response-data' aria-label='Media type'><option value='c2eedf05-041e-436d-91c9-8fce794c3559'>application/json</option>
</select><select class='select-example' aria-label='Media type'><option value='ec95ffb5-d844-4bef-8e54-e90dad623de0'>Missing required ABAC permissions</option>
</select>Missing required ABAC permissions

```json
{
  "success": false,
  "error": "error-not-authorized"
}
```

object  successboolean    
errorstring