Tuesday, July 26, 2022

Lightweight Directory Access Protocol

What is LDAP?

LDAP stands for Lightweight Directory Access Protocol. It is the protocol an application uses to connect to a directory server (such as Active Directory) to look up users, groups and other directory objects, and to verify a user's password by binding to the directory as that user.

How to integrate your apps with Active Directory via LDAP?

When you have apps on your on-premises network that need to authenticate users against Active Directory, you can connect the app to AD using the LDAP protocol.


Two types of connectivity via LDAP


  1. Unsecure

  • Using plain ldap:// (port 389) with a simple bind sends the bind password, and every user password the app verifies, over the network in cleartext. Anyone who can capture the traffic between the app server and the domain controller gets those passwords.


  2. Secure

  • Using ldaps:// (LDAP over SSL/TLS, also called Secure LDAP, port 636) encrypts the LDAP traffic between the app and the directory server, so passwords and query results are not readable on the wire.

  • This requires the app server, or the app itself, to trust the certificate presented by the LDAP server: install the CA certificate that issued it in the app server's trust store, or import it into the app. Configure the app to verify both the certificate and the hostname; a setting that skips verification keeps the encryption but lets anyone who can intercept the connection impersonate the domain controller.


Basic LDAP details


The basic LDAP details you need to configure in your application are:


LDAP url

(ex. ldap://ldapserver.domain.com or ldaps://ldapserver.domain.com)


BaseDN

(ex. DC=domain,DC=com; the point in the directory tree under which the app searches for users, usually the domain root)


BindDN

(ex. CN=ldap_admin,OU=Users,DC=domain,DC=com; the account the app binds with in order to search the directory. Despite the name in the example, it should be a dedicated account with read-only access to the directory, not a member of Domain Admins: the app only needs to find users and then verify their passwords by binding as them)


Bind Password

(This will be the password of the ldap_admin account; keep it in the app's secret store rather than in a world-readable config file)


LDAP Port

(389 for ldap, 636 for ldaps; 3268 and 3269 are the Global Catalog ports, plain and TLS respectively, used when the app must search the whole forest rather than a single domain)



Final Notes

  • LDAPS requires the certificate used to verify the LDAP server to be installed on the app server or imported into the app.


  • Some apps need the root CA certificate, some need the full certificate chain, and some accept just the LDAP server's own certificate. Check the app's documentation; trusting only the server certificate means the import must be repeated every time that certificate is renewed, while trusting the issuing CA survives renewals.


  • The LDAP account used by your application must not be set to expire, and its password must not expire either; otherwise the bind fails and users can no longer log in to the app. Because that password never rotates on its own, make it long and random, give the account read-only rights, and rotate it deliberately as part of the app's maintenance.


  • The LDAP URL for secure LDAP uses the ldaps:// scheme instead of ldap://.
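Putting the settings above together, here is an added example (not code from the original post) in Python that checks an app's LDAP settings as the post describes them: it parses the LDAP URL and applies the default port, flags plain ldap:// and a missing CA file for ldaps://, refuses an empty bind password (a simple bind with a DN and no password is an anonymous bind, which Active Directory accepts, so a misconfigured app would connect unauthenticated without noticing), escapes the username before it goes into a search filter, and builds the TLS settings that verify the server certificate. The hostname, DNs, CA path and the SAMPLE_SETTINGS values are constructed placeholders; the actual connection, bind and search would be done with an LDAP client library (for example ldap3 or python-ldap) using these values, which this block does not do.

```python
import ssl
from urllib.parse import urlsplit

# Default port per scheme, and the ports a practitioner expects to see.
# 3268/3269 are the AD Global Catalog ports (plain and TLS).
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}
KNOWN_PORTS = {"ldap": {389, 3268}, "ldaps": {636, 3269}}

# RFC 4515 escapes for characters that would change a search filter's meaning.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

# Constructed sample settings mirroring the post (placeholders, not a real directory).
SAMPLE_SETTINGS = {
    "url": "ldaps://ldapserver.domain.com",
    "base_dn": "DC=domain,DC=com",
    "bind_dn": "CN=ldap_admin,OU=Users,DC=domain,DC=com",
    "bind_password": "example-only",
    "ca_file": "/etc/ssl/certs/domain-root-ca.pem",  # assumed path to the issuing CA (PEM)
}


def parse_ldap_url(url):
    """Split an LDAP URL into (scheme, host, port), filling in the scheme's default port."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError("unsupported scheme %r (use ldap:// or ldaps://)" % parts.scheme)
    if not parts.hostname:
        raise ValueError("LDAP URL has no host")
    return scheme, parts.hostname, parts.port or DEFAULT_PORTS[scheme]


def escape_filter_value(value):
    """Escape a value before embedding it in a search filter (prevents filter injection)."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def user_search_filter(username):
    """Filter that finds one AD user account by login name; computers also have objectClass=user,
    so objectCategory=person is added to exclude them."""
    return "(&(objectCategory=person)(objectClass=user)(sAMAccountName=%s))" % escape_filter_value(username)


def is_dn(value):
    """Loose sanity check for a DN such as DC=domain,DC=com (commas inside values need escaping)."""
    for rdn in value.split(","):
        name, sep, val = rdn.partition("=")
        if not sep or not name.strip() or not val.strip():
            return False
    return True


def check_settings(cfg):
    """Return a list of problems with the app's LDAP settings; an empty list means they look sane."""
    problems = []
    scheme, _host, port = parse_ldap_url(cfg["url"])
    if scheme == "ldap":
        problems.append("ldap:// with a simple bind sends the bind password and every user password in cleartext; use ldaps://")
    if port not in KNOWN_PORTS[scheme]:
        problems.append("port %d is not a usual %s port %s" % (port, scheme, sorted(KNOWN_PORTS[scheme])))
    if scheme == "ldaps" and not cfg.get("ca_file"):
        problems.append("ldaps:// needs ca_file, the CA certificate that issued the server certificate, so the app can verify it")
    for key in ("base_dn", "bind_dn"):
        if not is_dn(cfg.get(key, "")):
            problems.append("%s is not a valid DN: %r" % (key, cfg.get(key)))
    if not cfg.get("bind_password"):
        problems.append("bind_password is empty: a simple bind with a DN and no password is an anonymous bind, "
                        "which AD accepts, so the app would run unauthenticated")
    return problems


def tls_context(ca_file=None):
    """TLS settings for the ldaps:// connection: verify the certificate chain and the hostname.
    ca_file is the CA (root or chain) PEM the post says must be imported; None falls back to the
    OS trust store, which only works if the AD CA is already trusted there."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)
    return ctx


if __name__ == "__main__":
    for problem in check_settings(SAMPLE_SETTINGS) or ["settings look sane"]:
        print("-", problem)
    # A hostile login name is neutralised before it reaches the directory.
    print(user_search_filter("*)(sAMAccountName=*"))
```

Run it as a script to see the report for the sample settings and the escaped filter. The empty-password check matters most for apps that verify user logins by binding as the user: without it, a login attempt with a blank password can "succeed" as an anonymous bind.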

