It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Campus Barracuda Campus
Barracuda CloudGen Access
Overview Documentation Training Certification Materials

Sync With LDAP/MSAD

  • Last updated on

To sync with LDAP/MSAD you need to configure some parameters according to the vendor you're using. Currently only MSAD is supported, but you can use other configurations using a custom profile. See also How to Install the CloudGen Access User Directory Connector .

MSAD

Example configuration parameters (config.json file) for an MSAD installation:

{
  FYDE_ENROLLMENT_TOKEN="https://enterprise.fyde......", 
  FYDE_LDAP_HOST="192.168.1.169", 
  FYDE_LDAP_PROFILE="ad", 
  FYDE_LDAP_USER_SEARCH_BASE="ou=Users,ou=MyOrg,dc=myorg,dc=com", 
  FYDE_LDAP_GROUP_SEARCH_BASE="ou=Groups,ou=MyOrg,dc=myorg,dc=com", 
  FYDE_LDAP_AUTH_METHOD="simple", 
  FYDE_LDAP_AUTH_USERNAME="User Name", 
  FYDE_LDAP_AUTH_PASSWORD="password"
}

Configuration Parameters

The LDAP-specific parameters are listed in the tables below. See also General parameters. Note that you only need prefix the key with "FYDE_"... and capitalize the rest if you are using an environment variable, but not with a configuration file or a Vx. 

Basic Connection And Auth

Key

Default Value

Type

Description

FYDE_LDAP_HOST


string

LDAP server hostname/IP to connect to

FYDE_LDAP_PORT

389 or 636 (TLS)

string

LDAP server port to connect to

FYDE_LDAP_AUTH_METHOD


string

Authentication methods:

  • anon     Anonymous

  • simple  User/password

  • sasl_external

  • sasl_kerberos

  • ntlm

FYDE_LDAP_AUTH_USERNAME


string

Username for simple auth method

FYDE_LDAP_AUTH_PASSWORD


string

Password for simple auth method

FYDE_LDAP_AUTH_SASL_CREDENTIALS


string

SASL credentials for SASL auth method

FYDE_LDAP_USE_STARTTLS

true

bool

Use StartTLS for LDAP

FYDE_LDAP_USE_TLS

false

bool

Connect to LDAP using TLS

FYDE_LDAP_SNI

false

string

Use SNI hostname when using TLS

FYDE_LDAP_PRIVKEY


string

Specify private key for TLS auth

FYDE_LDAP_PRIVKEY_PASSWORD


string

Specify private key password for TLS auth

FYDE_LDAP_PUBKEY


string

Specify public key for TLS auth

FYDE_LDAP_CACERTS


string

Specify CA trusted certs

FYDE_LDAP_CHECK_CERTS

true

bool

Check if server certs are trusted or not

FYDE_LDAP_CHECK_HOSTNAME

true

bool

Check hostname on the certificate

FYDE_LDAP_CERT_ADDITIONAL_NAMES


string

Specify additional valid hostnames

More Advanced Options

Key

Default Value

Type

Description

FYDE_LDAP_DEBUG_DETAIL_LEVEL

error

string

LDAP level debugging levels:

Options:

  • off

  • error

  • basic

  • protocol

  • network

  • extended

FYDE_LDAP_PROFILE

ad

string

Enables vendor specific configurations. Options:

  • ad

  • custom

FYDE_LDAP_CONNECT_TIMEOUT

10

string

Connection timeout for the LDAP server (in seconds)

FYDE_LDAP_RECEIVE_TIMEOUT

60

string

Receive timeout

FYDE_LDAP_IGNORE_MALFORMED_SCHEMA

false

bool

Ignore errors caused by malformed schemas

FYDE_LDAP_USER_SEARCH_BASE


string

Search query to find user objects

FYDE_LDAP_USER_CLASS_FILTER


string

Search base to find user objects

FYDE_LDAP_USER_SEARCH_SCOPE

subtree

string

Scope to find user objects. Options:

  • subtree

  • singlelevel

FYDE_LDAP_USER_UUID


string

Specify user UUID attribute

FYDE_LDAP_USER_NAME


string

Attribute to get user name from

FYDE_LDAP_USER_PHONE


string

Attribute to get user phone from

FYDE_LDAP_USER_EMAIL


string

Attribute to get user email from

FYDE_LDAP_USER_DISABLED_FILTER


string

Attribute to get user disabled state from

FYDE_LDAP_USER_MODIFIED


string

Attribute to check user for last modification

FYDE_LDAP_USER_DELETED_FILTER


string

Search query to find deleted users

FYDE_LDAP_USER_DELETED_CONTROLS


string

Control OID for user deleted

FYDE_LDAP_GROUP_SEARCH_BASE


string

Search query to find group objects

FYDE_LDAP_GROUP_CLASS_FILTER


string

Search base to find group objects

FYDE_LDAP_GROUP_SEARCH_SCOPE

subtree

string

Scope to find group objects. Options:

  • subtree

  • singlelevel

FYDE_LDAP_GROUP_UUID


string

Specify group UUID attribute

FYDE_LDAP_GROUP_NAME


string

Attribute to get group name from

FYDE_LDAP_GROUP_MODIFIED


string

Attribute to check group for last modification

FYDE_LDAP_GROUP_DELETED_FILTER


string

Search query to find deleted groups

FYDE_LDAP_GROUP_DELETED_CONTROLS


string

Control OID for group deleted

FYDE_LDAP_MEMBERSHIP_OBJECT

group

string

Scope to find group objects. Options:

  • user

  • group

FYDE_LDAP_MEMBERSHIP_ATTRIBUTE


string

LDAP membership attribute