To sync with LDAP/MSAD you need to configure some parameters according to the directory vendor you are using. Currently only MSAD is supported, but other directories can be used via a custom profile. See also How to Install the CloudGen Access User Directory Connector.
MSAD
Example configuration parameters (config.json file) for an MSAD installation, written as valid JSON (keys and values quoted, entries separated by colons):
{
  "FYDE_ENROLLMENT_TOKEN": "https://enterprise.fyde......",
  "FYDE_LDAP_HOST": "192.168.1.169",
  "FYDE_LDAP_PROFILE": "ad",
  "FYDE_LDAP_USER_SEARCH_BASE": "ou=Users,ou=MyOrg,dc=myorg,dc=com",
  "FYDE_LDAP_GROUP_SEARCH_BASE": "ou=Groups,ou=MyOrg,dc=myorg,dc=com",
  "FYDE_LDAP_AUTH_METHOD": "simple",
  "FYDE_LDAP_AUTH_USERNAME": "User Name",
  "FYDE_LDAP_AUTH_PASSWORD": "password"
}
Configuration Parameters
The LDAP-specific parameters are listed in the tables below. See also General parameters. Note that the "FYDE_" prefix and the upper-case spelling of the rest of the key are only required when the parameter is passed as an environment variable; they are not needed in a configuration file or a Vx.
Basic Connection And Auth
Key | Default Value | Type | Description
---|---|---|---
FYDE_LDAP_HOST | | string | LDAP server hostname/IP to connect to
FYDE_LDAP_PORT | 389 or 636 (TLS) | string | LDAP server port to connect to
FYDE_LDAP_AUTH_METHOD | | string | Authentication method. Options:
FYDE_LDAP_AUTH_USERNAME | | string | Username used to authenticate (bind) to the LDAP server
FYDE_LDAP_AUTH_PASSWORD | | string | Password used to authenticate (bind) to the LDAP server
FYDE_LDAP_AUTH_SASL_CREDENTIALS | | string | SASL credentials for the SASL auth method
FYDE_LDAP_USE_STARTTLS | true | bool | Use StartTLS for LDAP
FYDE_LDAP_USE_TLS | false | bool | Connect to LDAP using TLS
FYDE_LDAP_SNI | false | string | SNI hostname to send when using TLS
FYDE_LDAP_PRIVKEY | | string | Private key for TLS client authentication
FYDE_LDAP_PRIVKEY_PASSWORD | | string | Password protecting the private key used for TLS client authentication
FYDE_LDAP_PUBKEY | | string | Public key for TLS client authentication
FYDE_LDAP_CACERTS | | string | Trusted CA certificates used to validate the server certificate
FYDE_LDAP_CHECK_CERTS | true | bool | Verify that the server certificate chains to a trusted CA
FYDE_LDAP_CHECK_HOSTNAME | true | bool | Verify that the server hostname matches the certificate
FYDE_LDAP_CERT_ADDITIONAL_NAMES | | string | Additional hostnames accepted as valid for the server certificate
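The transport settings in the table above decide whether the connector's bind password and the directory contents cross the network in cleartext, and whether a spoofed LDAP server would be accepted. The following added example (not part of the connector or of the original page) is a small lint for a loaded configuration dict: it applies the defaults from the table, normalizes booleans that may arrive as JSON booleans or as environment-variable style "true"/"false" strings, and reports combinations a reviewer would want flagged. The key names are the FYDE_LDAP_* names from the tables; the sample configuration values are constructed here, and the `lint_ldap_config` and `valid_dn` helpers are this example's own.

```python
"""Lint a User Directory Connector LDAP configuration for weak transport and
bind settings. Added example, not the connector's own code. Assumes the
configuration is a dict keyed by the FYDE_LDAP_* names from the reference
tables; boolean values may be JSON booleans or "true"/"false" strings."""
import json
import re

# Defaults taken from the "Basic Connection And Auth" table.
DEFAULTS = {
    "FYDE_LDAP_USE_STARTTLS": True,
    "FYDE_LDAP_USE_TLS": False,
    "FYDE_LDAP_CHECK_CERTS": True,
    "FYDE_LDAP_CHECK_HOSTNAME": True,
    "FYDE_LDAP_AUTH_METHOD": "simple",
}

_RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=.+$")


def as_bool(value):
    """Accept JSON booleans or env-style 'true'/'false' strings (case-insensitive)."""
    if isinstance(value, bool):
        return value
    if isinstance(value, str) and value.strip().lower() in ("true", "false"):
        return value.strip().lower() == "true"
    raise ValueError(f"not a boolean: {value!r}")


def valid_dn(dn):
    """Cheap syntactic check: every comma-separated RDN must look like attr=value."""
    return all(_RDN.match(part.strip()) for part in dn.split(","))


def lint_ldap_config(cfg):
    """Return a list of findings; an empty list means nothing was flagged."""
    merged = {**DEFAULTS, **cfg}
    findings = []
    use_tls = as_bool(merged["FYDE_LDAP_USE_TLS"])
    starttls = as_bool(merged["FYDE_LDAP_USE_STARTTLS"])
    check_certs = as_bool(merged["FYDE_LDAP_CHECK_CERTS"])
    check_host = as_bool(merged["FYDE_LDAP_CHECK_HOSTNAME"])
    method = str(merged["FYDE_LDAP_AUTH_METHOD"]).lower()
    # Table default for the port depends on whether TLS is in use.
    port = str(merged.get("FYDE_LDAP_PORT", "636" if use_tls else "389"))

    if not use_tls and not starttls:
        findings.append("no TLS: directory data and bind credentials travel in cleartext")
        if method == "simple":
            findings.append("simple bind without TLS exposes FYDE_LDAP_AUTH_PASSWORD on the wire")
    # Only complain about both flags when the operator set both explicitly.
    if "FYDE_LDAP_USE_TLS" in cfg and "FYDE_LDAP_USE_STARTTLS" in cfg and use_tls and starttls:
        findings.append("FYDE_LDAP_USE_TLS and FYDE_LDAP_USE_STARTTLS are both set; pick one")
    if use_tls and port == "389":
        findings.append("FYDE_LDAP_USE_TLS=true with port 389: LDAPS normally listens on 636")
    if not use_tls and port == "636":
        findings.append("port 636 without FYDE_LDAP_USE_TLS: StartTLS on the LDAPS port will fail")
    if not check_certs:
        findings.append("FYDE_LDAP_CHECK_CERTS=false disables server certificate validation (MITM risk)")
    if not check_host:
        findings.append("FYDE_LDAP_CHECK_HOSTNAME=false accepts any trusted certificate for any host")
    if method == "simple" and not merged.get("FYDE_LDAP_AUTH_PASSWORD"):
        findings.append("simple bind without FYDE_LDAP_AUTH_PASSWORD degrades to an unauthenticated bind")
    for key in ("FYDE_LDAP_USER_SEARCH_BASE", "FYDE_LDAP_GROUP_SEARCH_BASE"):
        if key in merged and not valid_dn(str(merged[key])):
            findings.append(f"{key} is not a well-formed DN: {merged[key]!r}")
    return findings


# Constructed sample in the shape of the config.json example above.
PAGE_STYLE_CONFIG = json.loads("""
{
  "FYDE_LDAP_HOST": "192.168.1.169",
  "FYDE_LDAP_PROFILE": "ad",
  "FYDE_LDAP_USER_SEARCH_BASE": "ou=Users,ou=MyOrg,dc=myorg,dc=com",
  "FYDE_LDAP_GROUP_SEARCH_BASE": "ou=Groups,ou=MyOrg,dc=myorg,dc=com",
  "FYDE_LDAP_AUTH_METHOD": "simple",
  "FYDE_LDAP_AUTH_USERNAME": "User Name",
  "FYDE_LDAP_AUTH_PASSWORD": "password"
}
""")

# Constructed weakened variant: StartTLS and certificate checking switched off.
WEAK_CONFIG = {**PAGE_STYLE_CONFIG, "FYDE_LDAP_USE_STARTTLS": "false",
               "FYDE_LDAP_CHECK_CERTS": "false", "FYDE_LDAP_PORT": "389"}

if __name__ == "__main__":
    for name, cfg in (("page-style", PAGE_STYLE_CONFIG), ("weakened", WEAK_CONFIG)):
        print(name, "->", lint_ldap_config(cfg) or ["ok"])
```

With the table defaults (StartTLS on, certificate and hostname checks on) the page-style configuration produces no findings; the weakened variant yields three, one for cleartext transport, one for the simple-bind password exposed by it, and one for the disabled certificate check.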
More Advanced Options
Key | Default Value | Type | Description
---|---|---|---
FYDE_LDAP_DEBUG_DETAIL_LEVEL | error | string | LDAP debugging detail level. Options:
FYDE_LDAP_PROFILE | ad | string | Enables vendor-specific configurations. Options:
FYDE_LDAP_CONNECT_TIMEOUT | 10 | string | Connection timeout for the LDAP server (in seconds)
FYDE_LDAP_RECEIVE_TIMEOUT | 60 | string | Receive timeout (in seconds)
FYDE_LDAP_IGNORE_MALFORMED_SCHEMA | false | bool | Ignore errors caused by malformed schemas
FYDE_LDAP_USER_SEARCH_BASE | | string | Search base (DN) under which user objects are looked up
FYDE_LDAP_USER_CLASS_FILTER | | string | Search filter used to find user objects
FYDE_LDAP_USER_SEARCH_SCOPE | subtree | string | Scope of the search for user objects. Options:
FYDE_LDAP_USER_UUID | | string | Attribute holding the user's UUID
FYDE_LDAP_USER_NAME | | string | Attribute to read the user name from
FYDE_LDAP_USER_PHONE | | string | Attribute to read the user's phone number from
FYDE_LDAP_USER_EMAIL | | string | Attribute to read the user's email address from
FYDE_LDAP_USER_DISABLED_FILTER | | string | Attribute to read the user's disabled state from
FYDE_LDAP_USER_MODIFIED | | string | Attribute used to detect a user's last modification
FYDE_LDAP_USER_DELETED_FILTER | | string | Search filter used to find deleted users
FYDE_LDAP_USER_DELETED_CONTROLS | | string | LDAP control OID used when searching for deleted users
FYDE_LDAP_GROUP_SEARCH_BASE | | string | Search base (DN) under which group objects are looked up
FYDE_LDAP_GROUP_CLASS_FILTER | | string | Search filter used to find group objects
FYDE_LDAP_GROUP_SEARCH_SCOPE | subtree | string | Scope of the search for group objects. Options:
FYDE_LDAP_GROUP_UUID | | string | Attribute holding the group's UUID
FYDE_LDAP_GROUP_NAME | | string | Attribute to read the group name from
FYDE_LDAP_GROUP_MODIFIED | | string | Attribute used to detect a group's last modification
FYDE_LDAP_GROUP_DELETED_FILTER | | string | Search filter used to find deleted groups
FYDE_LDAP_GROUP_DELETED_CONTROLS | | string | LDAP control OID used when searching for deleted groups
FYDE_LDAP_MEMBERSHIP_OBJECT | group | string | Object type that carries the membership attribute. Options:
FYDE_LDAP_MEMBERSHIP_ATTRIBUTE | | string | LDAP attribute that records group membership