Barracuda CloudGen Access

Sync With LDAP/MSAD

To sync with LDAP/MSAD, configure the parameters that match the directory vendor you are using. Currently only MSAD is supported, but other directories can be configured with a custom profile. See also How to Install the CloudGen Access User Directory Connector.

MSAD

Example configuration parameters (config.json file) for an MSAD installation:

{
  "enrollment_token": "https://enterprise.fyde......",
  "ldap_host": "192.168.1.169",
  "ldap_profile": "ad",
  "ldap_user_search_base": "ou=Users,ou=MyOrg,dc=myorg,dc=com",
  "ldap_group_search_base": "ou=Groups,ou=MyOrg,dc=myorg,dc=com",
  "ldap_auth_method": "simple",
  "ldap_auth_username": "User Name",
  "ldap_auth_password": "password"
}

Configuration Parameters

The LDAP-specific parameters are listed in the tables below. See also General parameters.

Basic Connection And Auth

| Key | Default Value | Type | Description |
|---|---|---|---|
| ldap_host | | string | LDAP server hostname/IP to connect to |
| ldap_port | 389 or 636 (TLS) | string | LDAP server port to connect to |
| ldap_auth_method | | string | Authentication methods: anon (Anonymous), simple (User/password), sasl_external, sasl_kerberos, ntlm |
| ldap_auth_username | | string | Username for simple auth method |
| ldap_auth_password | | string | Password for simple auth method |
| ldap_auth_sasl_credentials | | string | SASL credentials for SASL auth method |
| ldap_use_starttls | true | bool | Use StartTLS for LDAP |
| ldap_use_tls | false | bool | Connect to LDAP using TLS |
| ldap_sni | false | string | Use SNI hostname when using TLS |
| ldap_privkey | | string | Specify private key for TLS auth |
| ldap_privkey_password | | string | Specify private key password for TLS auth |
| ldap_pubkey | | string | Specify public key for TLS auth |
| ldap_cacerts | | string | Specify CA trusted certs |
| ldap_check_certs | true | bool | Check if server certs are trusted or not |
| ldap_check_hostname | true | bool | Check hostname on the certificate |
| ldap_cert_additional_names | | string | Specify additional valid hostnames |
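
Added example (not part of the Barracuda documentation or the connector's own code): a small Python check that applies the defaults from the table above to a config.json and reports settings that weaken the LDAP connection. The function name, finding codes and sample inputs are assumptions made for illustration; it assumes the file is valid JSON and that setting a flag to false disables the corresponding protection.

```python
import json

# Defaults copied from the "Basic Connection And Auth" table on this page.
BOOL_DEFAULTS = {
    "ldap_use_starttls": True,
    "ldap_use_tls": False,
    "ldap_check_certs": True,
    "ldap_check_hostname": True,
}

def audit_ldap_config(text):
    """Return sorted finding codes for a config.json (hypothetical helper)."""
    raw = json.loads(text)
    findings, flags = set(), {}
    for key, default in BOOL_DEFAULTS.items():
        value = raw.get(key, default)
        if not isinstance(value, bool):
            # The table types these keys as bool; a string such as "false" is
            # ambiguous, so report it and evaluate the rest with the default.
            findings.add("NOT_A_BOOLEAN:" + key)
            value = default
        flags[key] = value
    method = raw.get("ldap_auth_method")
    encrypted = flags["ldap_use_tls"] or flags["ldap_use_starttls"]
    if not encrypted:
        findings.add("NO_TRANSPORT_ENCRYPTION")
        if method == "simple":
            # An LDAP simple bind sends ldap_auth_password in clear text.
            findings.add("CLEARTEXT_SIMPLE_BIND")
    else:
        if not flags["ldap_check_certs"]:
            findings.add("SERVER_CERT_NOT_VERIFIED")
        if not flags["ldap_check_hostname"]:
            findings.add("CERT_HOSTNAME_NOT_VERIFIED")
    if method == "anon":
        findings.add("ANONYMOUS_BIND")
    return sorted(findings)

# Constructed sample inputs (not taken from a real deployment).
PAGE_EXAMPLE = '{"ldap_host": "192.168.1.169", "ldap_auth_method": "simple"}'
WEAKENED = json.dumps({
    "ldap_host": "192.168.1.169",
    "ldap_auth_method": "simple",
    "ldap_use_starttls": False,
    "ldap_check_certs": "false",
})

if __name__ == "__main__":
    print(audit_ldap_config(PAGE_EXAMPLE), audit_ldap_config(WEAKENED))
```

The first sample produces no findings only because ldap_use_starttls, ldap_check_certs and ldap_check_hostname are left at their documented defaults of true.
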
More Advanced Options

| Key | Default Value | Type | Description |
|---|---|---|---|
| ldap_debug_detail_level | error | string | LDAP debugging detail level. Options: off, error, basic, protocol, network, extended |
| ldap_profile | ad | string | Enables vendor-specific configurations. Options: ad, custom |
| ldap_connect_timeout | 10 | string | Connection timeout for the LDAP server (in seconds) |
| ldap_receive_timeout | 60 | string | Receive timeout |
| ldap_ignore_malformed_schema | false | bool | Ignore errors caused by malformed schemas |
| ldap_user_search_base | | string | Search query to find user objects |
| ldap_user_class_filter | | string | Search base to find user objects |
| ldap_user_search_scope | subtree | string | Scope to find user objects. Options: subtree, singlelevel |
| ldap_user_uuid | | string | Specify user UUID attribute |
| ldap_user_name | | string | Attribute to get user name from |
| ldap_user_phone | | string | Attribute to get user phone from |
| ldap_user_email | | string | Attribute to get user email from |
| ldap_user_disabled_filter | | string | Attribute to get user disabled state from |
| ldap_user_modified | | string | Attribute to check user for last modification |
| ldap_user_deleted_filter | | string | Search query to find deleted users |
| ldap_user_deleted_controls | | string | Control OID for user deleted |
| ldap_group_search_base | | string | Search query to find group objects |
| ldap_group_class_filter | | string | Search base to find group objects |
| ldap_group_search_scope | subtree | string | Scope to find group objects. Options: subtree, singlelevel |
| ldap_group_uuid | | string | Specify group UUID attribute |
| ldap_group_name | | string | Attribute to get group name from |
| ldap_group_modified | | string | Attribute to check group for last modification |
| ldap_group_deleted_filter | | string | Search query to find deleted groups |
| ldap_group_deleted_controls | | string | Control OID for group deleted |
| ldap_membership_object | group | string | Scope to find group objects. Options: user, group |
| ldap_membership_attribute | | string | LDAP membership attribute |