AD-LDAP

LDAP Environment Integration.

Requirements

The installation of the Single Agent is required on a domain joined machine.

Note:

The configuration of the AD-LDAP directory does not modify the directory schema. The synchronisation of AD runs on a 30-second interval.

Configuration

To configure the LDAP integration:

  1. Set the domain of the directory as the Directory Label.
  2. Set the Assigned Agent from the drop-down list of available Single Agents.

High Availability

Multiple Single Agents can be assigned to an AD integration for high availability.

  1. Activate this agent: Switch this on to enable the integration.
  2. Set the Fully Qualified Domain Name of the Host Server.
  3. Set the integration type: Active directory/LDAP.
  4. Set the port: 389 (LDAP) or 636 (LDAPS). If you have configured TLS certificates for LDAPS, this should be 636.
  5. Authentication Type: Currently this can only be set to 'Basic'.
  6. Choose the format to map user accounts. This sets whether users are imported by sAMAccountName or userPrincipalName.
  7. Set the service account name. This account needs to exist in the directory with read permissions.
  8. Set the service account password: Domain service account password.
  9. Set the Fully Qualified Domain Name of the directory.
  10. Test the connection. This will check that the service account details can read the directory.
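
The values from steps 2 to 9 can be checked from the agent machine before they are entered. The script below is an added example, not part of the product or its documentation; the host, account and domain names are constructed placeholders. It performs a Basic bind with the service account and reads one page of user objects with both mapping attributes.

```powershell
using namespace System.DirectoryServices.Protocols
# Added example, not vendor code. Host, account and domain are constructed placeholders.
param(
    [string]$HostServer    = 'dc01.corp.example.com',     # step 2
    [int]$Port             = 636,                         # step 4
    [string]$Account       = 'svc-sync@corp.example.com', # step 7
    [string]$DirectoryFqdn = 'corp.example.com'           # step 9
)
Add-Type -AssemblyName System.DirectoryServices.Protocols

if ($Port -ne 636) {
    Write-Warning "A Basic bind on port $Port sends the service account password unencrypted."
}
$password = Read-Host -AsSecureString "Password for $Account"   # step 8, prompted, not saved
# corp.example.com -> DC=corp,DC=example,DC=com
$baseDn = ($DirectoryFqdn.Split('.') | ForEach-Object { "DC=$_" }) -join ','

$conn = [LdapConnection]::new([LdapDirectoryIdentifier]::new($HostServer, $Port))
try {
    $conn.AuthType = [AuthType]::Basic                        # step 5
    $conn.SessionOptions.ProtocolVersion = 3
    $conn.SessionOptions.SecureSocketLayer = ($Port -eq 636)  # LDAPS: server certificate must be trusted
    $conn.Credential = [System.Net.NetworkCredential]::new($Account, $password)
    $conn.Bind()   # throws on wrong credentials, unreachable host or untrusted certificate

    # Read test: one page of user objects with both candidate mapping attributes (step 6).
    $req = [SearchRequest]::new($baseDn, '(&(objectCategory=person)(objectClass=user))',
        [SearchScope]::Subtree, [string[]]@('sAMAccountName', 'userPrincipalName'))
    [void]$req.Controls.Add([PageResultRequestControl]::new(5))
    $resp = [SearchResponse]$conn.SendRequest($req)

    if ($resp.Entries.Count -eq 0) {
        Write-Warning "Bind succeeded, but no user objects were readable under $baseDn."
    }
    foreach ($entry in $resp.Entries) {
        # userPrincipalName is optional in AD, so check before indexing.
        $upn = if ($entry.Attributes.Contains('userPrincipalName')) {
            [string]$entry.Attributes['userPrincipalName'][0]
        }
        [pscustomobject]@{
            DistinguishedName = $entry.DistinguishedName
            sAMAccountName    = [string]$entry.Attributes['sAMAccountName'][0]
            userPrincipalName = $upn
        }
    }
}
catch { Write-Error "Bind or read test failed: $($_.Exception.Message)" }
finally { $conn.Dispose() }
```

An empty userPrincipalName column in the output means that account has no UPN set, which matters if users are to be imported by userPrincipalName.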

Synchronise

Set which AD User accounts and groups are imported into Access Management.

Synchronised users and groups can be viewed by navigating to the "Management" page.