arangodb · nerpaula · Feb 21, 2024 · Feb 8, 2024 · Feb 8, 2024 · Feb 9, 2024
diff --git a/site/content/3.12/about-arangodb/features/_index.md b/site/content/3.12/about-arangodb/features/_index.md
@@ -94,7 +94,7 @@ security, such as for scaling graphs and managing your data safely.
 - Multi-tenant deployment option for the transactional guarantees and
   performance of a single server
 - Enhanced data security with on-disk and backup encryption, key rotation,
-  audit logging, and LDAP authentication
+  and audit logging
 - Incremental backups without downtime and off-site replication
 
 See all [Enterprise Edition Features](enterprise-edition.md).
@@ -121,7 +121,6 @@ See all [Enterprise Edition Features](enterprise-edition.md).
 | ACID transactions for multi-document / multi-collection queries on single servers, for single document operations in clusters, and for multi-document queries in clusters for collections with a single shard | In addition, ACID transactions for multi-collection queries using the OneShard feature |
 | Always read from leader shards in clusters | Optionally allow dirty reads to **read from followers** to scale reads |
 | TLS key and certificate rotation | In addition, **key rotation for JWT secrets** and **server name indication** (SNI) |
-| Built-in user management and authentication | Additional **LDAP authentication** option |
 | Only server logs | **Audit log** of server interactions |
 | No on-disk encryption | **Encryption at Rest** with hardware-accelerated on-disk encryption and key rotation |
 | Only regular backups | **Datacenter-to-Datacenter Replication** for disaster recovery |

diff --git a/site/content/3.12/about-arangodb/features/enterprise-edition.md b/site/content/3.12/about-arangodb/features/enterprise-edition.md
@@ -106,9 +106,6 @@ features outlined below. For additional information, see
 - [**Auditing**](../../operations/security/audit-logging.md):
   Audit logs of all server interactions.
 
-- [**LDAP Authentication**](../../components/arangodb-server/ldap.md):
-  ArangoDB user authentication with an LDAP server.
-
 - [**Encryption at Rest**](../../operations/security/encryption-at-rest.md):
   Hardware-accelerated on-disk encryption for your data.
 

diff --git a/site/content/3.12/components/arangodb-server/ldap.md b/site/content/3.12/components/arangodb-server/ldap.md
diff --git a/site/content/3.12/develop/http-api/monitoring/logs.md b/site/content/3.12/develop/http-api/monitoring/logs.md
@@ -477,10 +477,6 @@ paths:
                   description: |
                     One of the possible log topics.
                   type: string
-                ldap:
-                  description: |
-                    One of the possible log topics (_Enterprise Edition only_).
-                  type: string
                 libiresearch:
                   description: |
                     One of the possible log topics.

diff --git a/site/content/3.12/get-started/set-up-a-cloud-instance.md b/site/content/3.12/get-started/set-up-a-cloud-instance.md
@@ -160,7 +160,6 @@ there are a few key differences:
 - Foxx services are not allowed to call out to the internet by default for
   security reasons, but can be enabled on request.
   Incoming calls to Foxx services are fully supported.
-- LDAP authentication is not supported.
 - Datacenter-to-Datacenter Replication (DC2DC) is not yet available in a
   managed form.
 

diff --git a/site/content/3.12/operations/administration/user-management/_index.md b/site/content/3.12/operations/administration/user-management/_index.md
@@ -406,29 +406,3 @@ database. All changes to the access levels must be done using the
 [`@arangodb/users` module of the JavaScript API](in-arangosh.md),
 the [`/_api/user` HTTP API endpoints](../../../develop/http-api/users.md),
 or the web interface.
-
-### LDAP Users
-
-{{< tag "ArangoDB Enterprise Edition" "ArangoGraph" >}}
-
-ArangoDB supports LDAP as an external authentication system. For detailed
-information please have look into the
-[LDAP configuration guide](../../../components/arangodb-server/ldap.md).
-
-There are a few differences to *normal* ArangoDB users:
-- ArangoDB does not "*know*" LDAP users before they first authenticate.
-  Calls to various APIs using endpoints in `_api/users/*` will **fail** until
-  the user first logs-in.
-- Access levels of each user are periodically updated. This will happen by
-  default every *5 minutes*.
-- It is not possible to change permissions on LDAP users directly, only on **roles**
-- LDAP users cannot store configuration data per user
-  (affects for example custom settings in the graph viewer).
-
-To grant access for an LDAP user you will need to create *roles* within the
-ArangoDB server. A role is just a user with the `:role:` prefix in its name.
-Role users cannot login as database users, the `:role:` prefix ensures this.
-Your LDAP users will need to have at least one role; once users log in they
-will be automatically granted the union of all access rights of all their roles.
-Note that a lower right grant in one role will be overwritten by a higher
-access grant in a different role.
diff --git a/site/content/3.12/operations/administration/user-management/in-arangosh.md b/site/content/3.12/operations/administration/user-management/in-arangosh.md
@@ -118,8 +118,7 @@ curl --dump - http://127.0.0.1:8529/_api/version
 `users.save(user, passwd, active, extra)`
 
 This will create a new ArangoDB user. The user name must be specified in *user*
-and must not be empty. Note that usernames *must* not start with `:role:`
-(reserved for LDAP authentication).
+and must not be empty.
 
 The password must be given as a string, too, but can be left empty if
 required. If you pass the special value *ARANGODB_DEFAULT_ROOT_PASSWORD*, the

diff --git a/site/content/3.12/operations/installation/compiling/compile-on-debian.md b/site/content/3.12/operations/installation/compiling/compile-on-debian.md
@@ -69,7 +69,6 @@ sudo aptitude -y install git-core \
     libjemalloc-dev \
     cmake \
     python2.7 \
-sudo aptitude -y install libldap2-dev # Enterprise Edition only
 ```
 
 ## Download the Source

diff --git a/site/content/3.12/release-notes/deprecated-and-removed-features.md b/site/content/3.12/release-notes/deprecated-and-removed-features.md
@@ -12,6 +12,7 @@ aliases:
   - ../deploy/active-failover/manual-start
   - ../deploy/active-failover/administration
   - ../deploy/active-failover
+  - ../components/arangodb-server/ldap
 ---
 Features listed on this page should no longer be used because they have been
 deprecated and may get removed in a future release, or have been removed already
@@ -33,6 +34,10 @@ detailed information about breaking changes before upgrading.
   You can use [cluster deployments](../deploy/cluster/_index.md) instead, which
   offer better resilience and synchronous replication.
 
+- **LDAP authentication**:
+  ArangoDB user authentication with an LDAP server in the Enterprise Edition is
+  no longer available starting with v3.12.
+
 - **Standalone Agency and Agency HTTP API**:
   The Standalone Agency deployment mode and the corresponding Agency HTTP API
   are no longer available starting with v3.12. 

diff --git a/site/content/3.12/release-notes/version-3.12/api-changes-in-3-12.md b/site/content/3.12/release-notes/version-3.12/api-changes-in-3-12.md
@@ -188,6 +188,12 @@ The [`/_api/analyzer` endpoints](../../develop/http-api/analyzers.md) supports
 a new `multi_delimiter` Analyzer that accepts an array of strings in a
 `delimiter` attribute of the `properties` object.
 
+#### Log API
+
+The [`/_admin/log/*` endpoints](../../develop/http-api/monitoring/logs.md) no
+longer use the `ldap` log topic. Changing the log level of the `ldap` topic or
+any other unknown topic is not an error, however.
+
 ### Privilege changes
 
 

diff --git a/site/content/3.12/release-notes/version-3.12/incompatible-changes-in-3-12.md b/site/content/3.12/release-notes/version-3.12/incompatible-changes-in-3-12.md
@@ -19,6 +19,19 @@ offer better resilience and synchronous replication. Also see the
 See [Single instance vs. Cluster deployments](../../deploy/single-instance-vs-cluster.md)
 for details about how a cluster deployment differs and how to migrate to it.
 
+## LDAP authentication
+
+Support for ArangoDB user authentication with an LDAP server in the
+Enterprise Edition has been removed.
+
+- All `--ldap.*` and `--ldap2.*` startup options have been removed
+- The `--server.authentication-timeout` startup option ...
+  TODO: still a regular option (not obsoleted) even though it previously stated "This option is only necessary if you use an external authentication system like LDAP."
+- The `--server.local-authentication` startup option has been obsoleted and
+  will be fully removed in a future version
+- The `ldap` log topic is no longer available and specifying it in the
+  `--log.level` startup option raises a warning
+
 ## Little-endian on-disk key format for the RocksDB storage engine
 
 ArangoDB 3.12 does not support the little-endian on-disk key for the RocksDB

diff --git a/site/content/3.12/release-notes/version-3.2/whats-new-in-3-2.md b/site/content/3.12/release-notes/version-3.2/whats-new-in-3-2.md
@@ -342,7 +342,7 @@ are available in the *Enterprise Edition*.
 
 ## Authentication
 
-- added [LDAP](../../components/arangodb-server/ldap.md) authentication (Enterprise Edition only)
+- added LDAP authentication (Enterprise Edition only)
 
 ## Authorization
 

diff --git a/site/content/3.12/release-notes/version-3.3/whats-new-in-3-3.md b/site/content/3.12/release-notes/version-3.3/whats-new-in-3-3.md
@@ -232,9 +232,6 @@ The following options have been added to it:
   - `--ldap.roles-exclude`
   - `--ldap.superuser-role`
 
-  Please refer to [LDAP](../../components/arangodb-server/ldap.md) for a detailed
-  explanation.
-
 ## Miscellaneous features
 
 - when creating a collection in the cluster, there is now an optional