This section describes how to authenticate XpoLog users against Active Directory through its LDAP interface.

The LDAP settings include:

  • General

    • Initial context factory

    • Provider URL – the connection URL to the LDAP server (several LDAP servers can be listed, separated by a space).

  • Manager Settings (optional)

    • Manager Path – the manager DN that is bound for searching users.

    • Manager password – the manager's password.

  • Search Settings

    • Root path – the path at which the user search starts. If user information must be searched across multiple domains, enter [ALL DOMAINS] as the root path of the LDAP configuration.

    • Search filter – how users are searched for in the LDAP directory; {0} is replaced with the username.

    • User path – full path of the user DN; {0} is replaced with the username. For example: uid={0},ou=people,cn=xplg

    • Unique id attribute – optional; which attribute of the user is provided as the unique id of the user.

    • Display name attribute – optional; which attribute of the user is provided as the display name of the user.

  • Further Settings

    • Group id pattern

    • Groups attribute

To configure Active Directory authentication:

  1. In Provider URL, type the URL of the Active Directory server:

    • For a non-secured connection – ldap://ACTIVEDIRECTORYSERVER:389/ (for several LDAP servers enter a space separated list of URLs). Over plain LDAP the manager password and every user's credentials cross the network in cleartext, so use this only where the path to the domain controller is trusted.

    • For a secured connection – ldaps://ACTIVEDIRECTORYSERVER:636/ (for several LDAPS servers enter a space separated list of URLs).

  2. In Search Filter, type sAMAccountName={0}

  3. If a Manager path is needed to search the Active Directory (by default Active Directory rejects anonymous searches, so it usually is), enter the full distinguishedName of the account that will be used to search the directory (in AD Explorer, right-click the user > Properties and copy the user's distinguishedName. For example: CN=USER_NAME,OU=Admins,OU=Users,OU=MyBusiness,DC=xpolog,DC=local) and its password. A dedicated account with read-only access is sufficient; it does not need administrative rights.

  4. In User path, type USER_DOMAIN\{0}, where USER_DOMAIN is the domain of your users (for several domains use a semicolon separated list USER_DOMAIN_1\{0};USER_DOMAIN_2\{0};...USER_DOMAIN_N\{0}). This is the DOMAIN\username form that XpoLog binds with, not a DN.

  5. In Unique id attribute, type sAMAccountName.

  6. In Display name attribute, type displayName.

  7. In Groups attribute, type memberOf.

  8. Click Save.
    The LDAP configuration is saved.

Configuration example:

...

Verification


After you have completed the above steps and saved the configuration, try to log in to XpoLog with LDAP/AD credentials. A successful login means authentication works.
The next step is to verify that XpoLog retrieved the user's groups from Active Directory: open the XpoLog audit log and look for the phrase "get the following groups". If a list of groups follows it, XpoLog is able both to authenticate users and to retrieve their groups from Active Directory.
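The configuration and verification steps above can be rehearsed outside XpoLog before the settings are saved. The script below is an added example and is not XpoLog code or part of the original page. It expands the Search filter and User path templates the way the fields describe, escaping the substituted username per RFC 4515 so that a crafted login name cannot rewrite the filter (whether XpoLog escapes {0} itself is not stated on this page), reduces memberOf values to group names, and can optionally replay the manager bind, user search and user bind against a domain controller using the third-party ldap3 library. The function names, the service account CN=svc_xpolog and the domain XPOLOG are illustrative assumptions.

```python
"""Pre-flight check for the Active Directory settings described above.

Added example, not XpoLog code. The template helpers are plain functions that
run offline; verify() replays the bind-and-search sequence with ldap3.
"""
from __future__ import annotations

import getpass
import re
import sys

# RFC 4515 escaping for values substituted into a search filter. Without it a
# username such as '*)(objectClass=*' rewrites the filter instead of matching a
# single account (LDAP filter injection).
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value: str) -> str:
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_search_filter(template: str, username: str) -> str:
    """Expand a Search filter template such as 'sAMAccountName={0}'.

    Assumption: the bare form shown on the page is wrapped in parentheses to make
    a valid RFC 4515 filter; a template that already has them is left alone.
    """
    expanded = template.replace("{0}", escape_filter_value(username))
    return expanded if expanded.startswith("(") else f"({expanded})"


def expand_user_paths(template: str, username: str) -> list[str]:
    """Expand a User path template. The semicolon separated multi-domain form
    'CORP\\{0};LAB\\{0}' yields one DOMAIN\\user bind name per domain."""
    return [p.strip().replace("{0}", username) for p in template.split(";") if p.strip()]


def group_names(member_of: list[str]) -> list[str]:
    """Reduce memberOf DNs to their leading CN, honouring backslash escapes, so
    'CN=Log Admins,OU=Groups,DC=xpolog,DC=local' becomes 'Log Admins'."""
    names = []
    for dn in member_of:
        match = re.match(r"CN=((?:\\.|[^,])+)", dn, re.IGNORECASE)
        if match:
            names.append(match.group(1))
    return names


def verify(urls: str, root_dn: str, manager_dn: str, manager_pw: str,
           filter_template: str, user_path_template: str,
           username: str, password: str) -> dict:
    """Replay the sequence the settings imply: bind as the manager, search for
    the user under the root DN, then bind as the user. Needs `pip install ldap3`.
    The page's [ALL DOMAINS] token is XpoLog-specific; pass a real base DN here."""
    import ldap3  # imported here so the offline helpers above need no extras
    from ldap3.core.exceptions import LDAPBindError

    servers = [ldap3.Server(u.rstrip("/"), get_info=ldap3.NONE) for u in urls.split()]
    pool = ldap3.ServerPool(servers)
    # Manager bind: AD rejects anonymous searches by default, hence the account.
    manager = ldap3.Connection(pool, user=manager_dn, password=manager_pw, auto_bind=True)
    manager.search(root_dn, build_search_filter(filter_template, username),
                   attributes=["sAMAccountName", "displayName", "memberOf"])
    if len(manager.entries) != 1:
        raise LookupError(f"expected one match for {username!r}, got {len(manager.entries)}")
    entry = manager.entries[0]

    # User bind: the first DOMAIN\user expansion the domain controller accepts wins.
    bound_as = None
    for bind_name in expand_user_paths(user_path_template, username):
        try:
            ldap3.Connection(pool, user=bind_name, password=password, auto_bind=True).unbind()
            bound_as = bind_name
            break
        except LDAPBindError:
            continue
    if bound_as is None:
        raise PermissionError("user bind failed for every User path expansion")
    return {
        "bound_as": bound_as,
        "unique_id": entry.sAMAccountName.value,
        "display_name": entry.displayName.value,
        "groups": group_names(list(entry.memberOf.values)),
    }


if __name__ == "__main__":
    # usage (illustrative values): python ad_check.py "ldaps://dc1:636/ ldaps://dc2:636/" \
    #   "DC=xpolog,DC=local" "CN=svc_xpolog,OU=Service,DC=xpolog,DC=local" \
    #   "sAMAccountName={0}" "XPOLOG\{0}" alice
    urls, root_dn, manager_dn, filt, user_path, user = sys.argv[1:7]
    result = verify(urls, root_dn, manager_dn, getpass.getpass("manager password: "),
                    filt, user_path, user, getpass.getpass(f"password for {user}: "))
    print(result)
```

If the script returns a non-empty groups list for a test user, the same account should produce the "get the following groups" entry in the XpoLog audit log once the settings are saved; if the manager bind fails here, XpoLog will fail the same way.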

The next phase is to add the relevant groups to XpoLog and assign security policies to them.