Barracuda CloudGen Access

Sync With LDAP/MSAD


To sync with LDAP/MSAD you need to set a number of parameters according to the directory vendor you are using. Currently only MSAD has a built-in profile; other directories can be synced by describing their schema with the custom profile (FYDE_LDAP_PROFILE=custom). See also How to Install the CloudGen Access User Directory Connector .

MSAD

Example configuration parameters (config.json file) for an MSAD installation. The host, search bases and credentials are placeholders, and the enrollment token URL is abbreviated:

{
  "FYDE_ENROLLMENT_TOKEN": "https://enterprise.fyde......",
  "FYDE_LDAP_HOST": "192.168.1.169",
  "FYDE_LDAP_PROFILE": "ad",
  "FYDE_LDAP_USER_SEARCH_BASE": "ou=Users,ou=MyOrg,dc=myorg,dc=com",
  "FYDE_LDAP_GROUP_SEARCH_BASE": "ou=Groups,ou=MyOrg,dc=myorg,dc=com",
  "FYDE_LDAP_AUTH_METHOD": "simple",
  "FYDE_LDAP_AUTH_USERNAME": "User Name",
  "FYDE_LDAP_AUTH_PASSWORD": "password"
}

Use a dedicated, read-only directory account for FYDE_LDAP_AUTH_USERNAME, and restrict read access to the file to the connector, since it stores that account's password in the clear. With the defaults from the tables below (StartTLS on, certificate and hostname checks on), hostname verification fails unless the server certificate matches FYDE_LDAP_HOST; when the host is given as an IP address, as here, the certificate has to contain that address, or the matching name has to be supplied through FYDE_LDAP_CERT_ADDITIONAL_NAMES. Giving the DNS name from the certificate as FYDE_LDAP_HOST avoids the problem.

Configuration Parameters

The LDAP-specific parameters are listed in the tables below. See also General parameters. The keys are shown in their environment-variable form: the "FYDE_" prefix and the upper-case spelling are only required when a parameter is set as an environment variable, not when it is set in a configuration file.

Basic Connection And Auth

| Key | Default Value | Type | Description |
|---|---|---|---|
| FYDE_LDAP_HOST | | string | LDAP server hostname or IP address to connect to. Prefer the DNS name that appears in the server certificate; with an IP address, hostname verification only passes if the certificate carries that address or it is listed in FYDE_LDAP_CERT_ADDITIONAL_NAMES. |
| FYDE_LDAP_PORT | 389 or 636 (TLS) | string | LDAP server port to connect to: 389 for plain LDAP and StartTLS, 636 for LDAPS. |
| FYDE_LDAP_AUTH_METHOD | | string | Authentication method: anon (anonymous), simple (username/password), sasl_external, sasl_kerberos, ntlm. |
| FYDE_LDAP_AUTH_USERNAME | | string | Username for the simple auth method. |
| FYDE_LDAP_AUTH_PASSWORD | | string | Password for the simple auth method. |
| FYDE_LDAP_AUTH_SASL_CREDENTIALS | | string | Credentials for the SASL auth methods. |
| FYDE_LDAP_USE_STARTTLS | true | bool | Upgrade the plain LDAP connection to TLS with StartTLS. |
| FYDE_LDAP_USE_TLS | false | bool | Connect to LDAP over TLS from the start (LDAPS, normally port 636). |
| FYDE_LDAP_SNI | false | string | SNI hostname to send when using TLS. |
| FYDE_LDAP_PRIVKEY | | string | Private key for TLS client authentication. |
| FYDE_LDAP_PRIVKEY_PASSWORD | | string | Password for the private key used for TLS client authentication. |
| FYDE_LDAP_PUBKEY | | string | Public key (client certificate) for TLS client authentication. |
| FYDE_LDAP_CACERTS | | string | CA certificates trusted when validating the server certificate. |
| FYDE_LDAP_CHECK_CERTS | true | bool | Verify that the server certificate chains to a trusted CA. |
| FYDE_LDAP_CHECK_HOSTNAME | true | bool | Verify that the hostname matches the server certificate. |
| FYDE_LDAP_CERT_ADDITIONAL_NAMES | | string | Additional hostnames accepted when matching the server certificate. |

Leave FYDE_LDAP_CHECK_CERTS and FYDE_LDAP_CHECK_HOSTNAME at their defaults and point FYDE_LDAP_CACERTS at the CA that issued the directory server's certificate; switching either check off lets any host on the path present its own certificate and read the bind password and the synced directory data. Enable exactly one of FYDE_LDAP_USE_STARTTLS and FYDE_LDAP_USE_TLS, matching the port: with both set to false a simple bind sends the password across the network in the clear.

More Advanced Options

| Key | Default Value | Type | Description |
|---|---|---|---|
| FYDE_LDAP_DEBUG_DETAIL_LEVEL | error | string | LDAP debugging detail level: off, error, basic, protocol, network, extended. |
| FYDE_LDAP_PROFILE | ad | string | Enables vendor-specific configuration: ad or custom. |
| FYDE_LDAP_CONNECT_TIMEOUT | 10 | string | Connection timeout for the LDAP server (in seconds). |
| FYDE_LDAP_RECEIVE_TIMEOUT | 60 | string | Receive timeout. |
| FYDE_LDAP_IGNORE_MALFORMED_SCHEMA | false | bool | Ignore errors caused by malformed schemas. |
| FYDE_LDAP_USER_SEARCH_BASE | | string | Base DN under which user objects are searched. |
| FYDE_LDAP_USER_CLASS_FILTER | | string | LDAP filter that selects user objects. |
| FYDE_LDAP_USER_SEARCH_SCOPE | subtree | string | Search scope for user objects: subtree or singlelevel. |
| FYDE_LDAP_USER_UUID | | string | Attribute holding the user's unique identifier. |
| FYDE_LDAP_USER_NAME | | string | Attribute to read the user name from. |
| FYDE_LDAP_USER_PHONE | | string | Attribute to read the user phone number from. |
| FYDE_LDAP_USER_EMAIL | | string | Attribute to read the user email from. |
| FYDE_LDAP_USER_DISABLED_FILTER | | string | LDAP filter that matches disabled users. |
| FYDE_LDAP_USER_MODIFIED | | string | Attribute used to detect when a user was last modified. |
| FYDE_LDAP_USER_DELETED_FILTER | | string | LDAP filter that matches deleted users. |
| FYDE_LDAP_USER_DELETED_CONTROLS | | string | Control OID sent with the search so that deleted users are returned. |
| FYDE_LDAP_GROUP_SEARCH_BASE | | string | Base DN under which group objects are searched. |
| FYDE_LDAP_GROUP_CLASS_FILTER | | string | LDAP filter that selects group objects. |
| FYDE_LDAP_GROUP_SEARCH_SCOPE | subtree | string | Search scope for group objects: subtree or singlelevel. |
| FYDE_LDAP_GROUP_UUID | | string | Attribute holding the group's unique identifier. |
| FYDE_LDAP_GROUP_NAME | | string | Attribute to read the group name from. |
| FYDE_LDAP_GROUP_MODIFIED | | string | Attribute used to detect when a group was last modified. |
| FYDE_LDAP_GROUP_DELETED_FILTER | | string | LDAP filter that matches deleted groups. |
| FYDE_LDAP_GROUP_DELETED_CONTROLS | | string | Control OID sent with the search so that deleted groups are returned. |
| FYDE_LDAP_MEMBERSHIP_OBJECT | group | string | Object on which membership is read: user (the user object lists its groups) or group (the group object lists its members). |
| FYDE_LDAP_MEMBERSHIP_ATTRIBUTE | | string | LDAP attribute that holds the membership. |

The protocol, network and extended debug levels log the LDAP exchange itself, which can include the bind credentials and the directory data being synced; raise FYDE_LDAP_DEBUG_DETAIL_LEVEL only while troubleshooting and set it back to error afterwards. Keep the search bases and class filters as narrow as the directory layout allows so that only the intended users and groups are synced.
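As an added example that is not part of the product or of this documentation, the following Python script lints a connector config.json against the parameters in the two tables above (and the example configuration in the MSAD section): it flags a connection with neither StartTLS nor TLS, disabled certificate or hostname checks, an IP host that cannot pass hostname verification, a simple bind without TLS or without credentials, verbose debug levels, and search bases or filters that are not well formed. The two sample configurations at the bottom are constructed for the example; the host name dc1.myorg.com, the CA file path and the service account name are assumptions, and the disabled-account filter in the hardened sample is the usual Active Directory userAccountControl bitmask test, not a value taken from this page.

```python
"""Lint a CloudGen Access User Directory Connector LDAP config (added example, not
product code). Reports settings from the parameter tables that weaken transport
security, expose credentials or are malformed."""
import re

DEFAULTS = {  # defaults as listed in the parameter tables
    "FYDE_LDAP_USE_STARTTLS": True, "FYDE_LDAP_USE_TLS": False,
    "FYDE_LDAP_CHECK_CERTS": True, "FYDE_LDAP_CHECK_HOSTNAME": True,
    "FYDE_LDAP_DEBUG_DETAIL_LEVEL": "error",
}
AUTH_METHODS = {"anon", "simple", "sasl_external", "sasl_kerberos", "ntlm"}
VERBOSE_DEBUG = {"protocol", "network", "extended"}  # levels that log the LDAP exchange
FILTER_KEYS = ("FYDE_LDAP_USER_CLASS_FILTER", "FYDE_LDAP_GROUP_CLASS_FILTER",
               "FYDE_LDAP_USER_DISABLED_FILTER", "FYDE_LDAP_USER_DELETED_FILTER",
               "FYDE_LDAP_GROUP_DELETED_FILTER")
# Simple DN shape attr=value(,attr=value)*; escaped commas are not handled.
DN_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^,]+(,[A-Za-z][A-Za-z0-9-]*=[^,]+)*$")
IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def as_bool(value):
    """Booleans may arrive as JSON true/false or as strings copied from an env file."""
    return value if isinstance(value, bool) else str(value).strip().lower() in {"1", "true", "yes", "on"}


def balanced_filter(flt):
    """True if an LDAP filter is parenthesised and its parentheses balance."""
    flt, depth = flt.strip(), 0
    for ch in flt:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0 and flt.startswith("(") and flt.endswith(")")


def lint_config(cfg):
    """Return a list of finding strings for a config dict; an empty list means clean."""
    get = lambda k: cfg.get(k, DEFAULTS.get(k))
    out = []
    encrypted = as_bool(get("FYDE_LDAP_USE_STARTTLS")) or as_bool(get("FYDE_LDAP_USE_TLS"))
    if not encrypted:
        out.append("plaintext: neither FYDE_LDAP_USE_STARTTLS nor FYDE_LDAP_USE_TLS is enabled")
    if not as_bool(get("FYDE_LDAP_CHECK_CERTS")):
        out.append("tls: FYDE_LDAP_CHECK_CERTS=false disables server certificate validation")
    check_host = as_bool(get("FYDE_LDAP_CHECK_HOSTNAME"))
    if not check_host:
        out.append("tls: FYDE_LDAP_CHECK_HOSTNAME=false lets any trusted certificate impersonate the server")
    host = str(cfg.get("FYDE_LDAP_HOST") or "")
    if not host:
        out.append("missing: FYDE_LDAP_HOST")
    elif IPV4_RE.match(host) and check_host and not cfg.get("FYDE_LDAP_CERT_ADDITIONAL_NAMES"):
        out.append("tls: FYDE_LDAP_HOST is an IP; the certificate must list it, or set FYDE_LDAP_CERT_ADDITIONAL_NAMES")
    method = str(cfg.get("FYDE_LDAP_AUTH_METHOD") or "")
    if method not in AUTH_METHODS:
        out.append(f"auth: missing or unknown FYDE_LDAP_AUTH_METHOD {method!r}")
    elif method == "anon":
        out.append("auth: anonymous bind; the sync runs with no directory identity")
    elif method == "simple":
        if not (cfg.get("FYDE_LDAP_AUTH_USERNAME") and cfg.get("FYDE_LDAP_AUTH_PASSWORD")):
            out.append("auth: simple bind needs FYDE_LDAP_AUTH_USERNAME and FYDE_LDAP_AUTH_PASSWORD")
        if not encrypted:
            out.append("auth: simple bind sends the password in the clear without TLS")
    level = str(get("FYDE_LDAP_DEBUG_DETAIL_LEVEL"))
    if level in VERBOSE_DEBUG:
        out.append(f"logging: FYDE_LDAP_DEBUG_DETAIL_LEVEL={level} writes the LDAP exchange, which can include credentials, to logs")
    for key in ("FYDE_LDAP_USER_SEARCH_BASE", "FYDE_LDAP_GROUP_SEARCH_BASE"):
        if not cfg.get(key):
            out.append(f"missing: {key}")
        elif not DN_RE.match(str(cfg[key])):
            out.append(f"syntax: {key} is not a DN: {cfg[key]!r}")
    for key in FILTER_KEYS:
        if cfg.get(key) is not None and not balanced_filter(str(cfg[key])):
            out.append(f"syntax: {key} is not a well-formed LDAP filter: {cfg[key]!r}")
    return out


# Constructed sample: the page's example with StartTLS and certificate checks turned off.
WEAK_CONFIG = {
    "FYDE_LDAP_HOST": "192.168.1.169", "FYDE_LDAP_PROFILE": "ad",
    "FYDE_LDAP_USER_SEARCH_BASE": "Users,MyOrg",  # not a DN
    "FYDE_LDAP_GROUP_SEARCH_BASE": "ou=Groups,ou=MyOrg,dc=myorg,dc=com",
    "FYDE_LDAP_AUTH_METHOD": "simple", "FYDE_LDAP_AUTH_USERNAME": "svc-cga-sync",
    "FYDE_LDAP_AUTH_PASSWORD": "password", "FYDE_LDAP_USE_STARTTLS": "false",
    "FYDE_LDAP_CHECK_CERTS": False, "FYDE_LDAP_DEBUG_DETAIL_LEVEL": "protocol",
}
# Constructed sample: LDAPS to the DC's DNS name (assumed), internal CA file (assumed path),
# read-only service account (assumed name), usual AD disabled-account filter.
HARDENED_CONFIG = {
    "FYDE_LDAP_HOST": "dc1.myorg.com", "FYDE_LDAP_PORT": "636",
    "FYDE_LDAP_USE_TLS": True, "FYDE_LDAP_USE_STARTTLS": False,
    "FYDE_LDAP_CACERTS": "/etc/fyde/ldap-ca.pem", "FYDE_LDAP_PROFILE": "ad",
    "FYDE_LDAP_USER_SEARCH_BASE": "ou=Users,ou=MyOrg,dc=myorg,dc=com",
    "FYDE_LDAP_GROUP_SEARCH_BASE": "ou=Groups,ou=MyOrg,dc=myorg,dc=com",
    "FYDE_LDAP_AUTH_METHOD": "simple", "FYDE_LDAP_AUTH_USERNAME": "svc-cga-sync",
    "FYDE_LDAP_AUTH_PASSWORD": "<from secret store>",
    "FYDE_LDAP_USER_DISABLED_FILTER": "(userAccountControl:1.2.840.113556.1.4.803:=2)",
}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, lint_config(cfg) or ["clean"])
```

To check a real deployment, load the connector's config.json with json.load and pass the resulting dict to lint_config. The filter check is deliberately shallow (parenthesis balance only) and the DN check does not handle escaped commas; both exist to catch the copy-and-paste mistakes that otherwise surface only as an empty sync.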