To sync with LDAP/MSAD you need to configure some parameters according to the vendor you're using. Currently only MSAD is supported, but you can use other configurations using a custom profile. See also How to Install the CloudGen Access User Directory Connector.
MSAD
Example configuration parameters (config.json file) for an MSAD installation:
{
  "FYDE_ENROLLMENT_TOKEN": "https://enterprise.fyde......",
  "FYDE_LDAP_HOST": "192.168.1.169",
  "FYDE_LDAP_PROFILE": "ad",
  "FYDE_LDAP_USER_SEARCH_BASE": "ou=Users,ou=MyOrg,dc=myorg,dc=com",
  "FYDE_LDAP_GROUP_SEARCH_BASE": "ou=Groups,ou=MyOrg,dc=myorg,dc=com",
  "FYDE_LDAP_AUTH_METHOD": "simple",
  "FYDE_LDAP_AUTH_USERNAME": "User Name",
  "FYDE_LDAP_AUTH_PASSWORD": "password"
}
Configuration Parameters
The LDAP-specific parameters are listed in the tables below. See also General parameters. Note that you only need to prefix the key with "FYDE_" and capitalize the rest if you are using an environment variable, but not with a configuration file or a Vx.
Basic Connection And Auth
| Key | Default Value | Type | Description | 
|---|---|---|---|
| FYDE_LDAP_HOST | | string | LDAP server hostname/IP to connect to |
| FYDE_LDAP_PORT | 389 or 636 (TLS) | string | LDAP server port to connect to |
| FYDE_LDAP_AUTH_METHOD | | string | Authentication methods: |
| FYDE_LDAP_AUTH_USERNAME | | string | Username for |
| FYDE_LDAP_AUTH_PASSWORD | | string | Password for |
| FYDE_LDAP_AUTH_SASL_CREDENTIALS | | string | SASL credentials for SASL auth method |
| FYDE_LDAP_USE_STARTTLS | true | bool | Use StartTLS for LDAP |
| FYDE_LDAP_USE_TLS | false | bool | Connect to LDAP using TLS |
| FYDE_LDAP_SNI | false | string | Use SNI hostname when using TLS |
| FYDE_LDAP_PRIVKEY | | string | Specify private key for TLS auth |
| FYDE_LDAP_PRIVKEY_PASSWORD | | string | Specify private key password for TLS auth |
| FYDE_LDAP_PUBKEY | | string | Specify public key for TLS auth |
| FYDE_LDAP_CACERTS | | string | Specify CA trusted certs |
| FYDE_LDAP_CHECK_CERTS | true | bool | Check if server certs are trusted or not |
| FYDE_LDAP_CHECK_HOSTNAME | true | bool | Check hostname on the certificate |
| FYDE_LDAP_CERT_ADDITIONAL_NAMES | | string | Specify additional valid hostnames |
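
A pre-deployment check for the TLS-related parameters in the table above, written as an added example (it is not part of the connector or of the original page). It assumes the configuration has been loaded into a dict keyed by the parameter names shown here; `audit_ldap_config` and its helpers are hypothetical names, and the IP-address rule assumes the hostname check compares FYDE_LDAP_HOST against the names in the server certificate.

```python
import ipaddress

# Defaults as listed in the "Basic Connection And Auth" table.
DEFAULTS = {"FYDE_LDAP_USE_STARTTLS": True, "FYDE_LDAP_USE_TLS": False,
            "FYDE_LDAP_CHECK_CERTS": True, "FYDE_LDAP_CHECK_HOSTNAME": True}

def flag(cfg, key):
    """Read a bool parameter; accepts JSON booleans or "true"/"false" strings."""
    value = cfg.get(key, DEFAULTS[key])
    return value.strip().lower() == "true" if isinstance(value, str) else bool(value)

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def audit_ldap_config(cfg):
    """Return (key, finding) pairs for transport-security weaknesses in cfg."""
    findings = []
    if not (flag(cfg, "FYDE_LDAP_USE_TLS") or flag(cfg, "FYDE_LDAP_USE_STARTTLS")):
        findings.append(("FYDE_LDAP_USE_STARTTLS",
                         "no TLS or StartTLS: directory data crosses the network unencrypted"))
        if cfg.get("FYDE_LDAP_AUTH_METHOD") == "simple":
            findings.append(("FYDE_LDAP_AUTH_PASSWORD",
                             "simple bind sends the bind password in cleartext"))
        return findings  # certificate settings are moot without TLS
    if not flag(cfg, "FYDE_LDAP_CHECK_CERTS"):
        findings.append(("FYDE_LDAP_CHECK_CERTS",
                         "untrusted certificates are accepted, so the server is not authenticated"))
    if not flag(cfg, "FYDE_LDAP_CHECK_HOSTNAME"):
        findings.append(("FYDE_LDAP_CHECK_HOSTNAME",
                         "a trusted certificate issued for another host is accepted"))
    elif is_ip(cfg.get("FYDE_LDAP_HOST", "")) and not cfg.get("FYDE_LDAP_CERT_ADDITIONAL_NAMES"):
        # Assumption: the hostname check compares FYDE_LDAP_HOST with the certificate names.
        findings.append(("FYDE_LDAP_HOST",
                         "host is an IP address: the certificate needs an IP SAN, or list "
                         "its DNS name in FYDE_LDAP_CERT_ADDITIONAL_NAMES"))
    return findings

# The page's MSAD example (all TLS parameters left at their defaults).
PAGE_EXAMPLE = {"FYDE_LDAP_HOST": "192.168.1.169", "FYDE_LDAP_AUTH_METHOD": "simple",
                "FYDE_LDAP_AUTH_USERNAME": "User Name", "FYDE_LDAP_AUTH_PASSWORD": "password"}
# Constructed weak variant: encryption switched off.
WEAK = dict(PAGE_EXAMPLE, FYDE_LDAP_USE_STARTTLS="false")
if __name__ == "__main__":
    for name, cfg in (("page example", PAGE_EXAMPLE), ("weak", WEAK)):
        print(name, audit_ldap_config(cfg))
```

A hostname-check failure caused by connecting to an IP address is a common reason for switching FYDE_LDAP_CHECK_HOSTNAME off, which is why the check reports it before deployment.
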
More Advanced Options
| Key | Default Value | Type | Description | 
|---|---|---|---|
| FYDE_LDAP_DEBUG_DETAIL_LEVEL | error | string | LDAP debugging detail level. Options: |
| FYDE_LDAP_PROFILE | ad | string | Enables vendor specific configurations. Options: |
| FYDE_LDAP_CONNECT_TIMEOUT | 10 | string | Connection timeout for the LDAP server (in seconds) |
| FYDE_LDAP_RECEIVE_TIMEOUT | 60 | string | Receive timeout |
| FYDE_LDAP_IGNORE_MALFORMED_SCHEMA | false | bool | Ignore errors caused by malformed schemas |
| FYDE_LDAP_USER_SEARCH_BASE | | string | Search query to find user objects |
| FYDE_LDAP_USER_CLASS_FILTER | | string | Search base to find user objects |
| FYDE_LDAP_USER_SEARCH_SCOPE | subtree | string | Scope to find user objects. Options: |
| FYDE_LDAP_USER_UUID | | string | Specify user UUID attribute |
| FYDE_LDAP_USER_NAME | | string | Attribute to get user name from |
| FYDE_LDAP_USER_PHONE | | string | Attribute to get user phone from |
| FYDE_LDAP_USER_EMAIL | | string | Attribute to get user email from |
| FYDE_LDAP_USER_DISABLED_FILTER | | string | Attribute to get user disabled state from |
| FYDE_LDAP_USER_MODIFIED | | string | Attribute to check user for last modification |
| FYDE_LDAP_USER_DELETED_FILTER | | string | Search query to find deleted users |
| FYDE_LDAP_USER_DELETED_CONTROLS | | string | Control OID for user deleted |
| FYDE_LDAP_GROUP_SEARCH_BASE | | string | Search query to find group objects |
| FYDE_LDAP_GROUP_CLASS_FILTER | | string | Search base to find group objects |
| FYDE_LDAP_GROUP_SEARCH_SCOPE | subtree | string | Scope to find group objects. Options: |
| FYDE_LDAP_GROUP_UUID | | string | Specify group UUID attribute |
| FYDE_LDAP_GROUP_NAME | | string | Attribute to get group name from |
| FYDE_LDAP_GROUP_MODIFIED | | string | Attribute to check group for last modification |
| FYDE_LDAP_GROUP_DELETED_FILTER | | string | Search query to find deleted groups |
| FYDE_LDAP_GROUP_DELETED_CONTROLS | | string | Control OID for group deleted |
| FYDE_LDAP_MEMBERSHIP_OBJECT | group | string | Scope to find group objects. Options: |
| FYDE_LDAP_MEMBERSHIP_ATTRIBUTE | | string | LDAP membership attribute |
