Barracuda CloudGen Access

Sync With LDAP/MSAD


To sync with LDAP/MSAD you need to configure some parameters according to the vendor you're using. Currently only MSAD is supported, but you can use other configurations using a custom profile. See also How to Install the CloudGen Access User Directory Connector.

MSAD

Example configuration parameters (config.json file) for an MSAD installation; the file is plain JSON, so keys and string values are quoted and separated with colons:

{
  "enrollment_token": "https://enterprise.fyde......",
  "ldap_host": "192.168.1.169",
  "ldap_profile": "ad",
  "ldap_user_search_base": "ou=Users,ou=MyOrg,dc=myorg,dc=com",
  "ldap_group_search_base": "ou=Groups,ou=MyOrg,dc=myorg,dc=com",
  "ldap_auth_method": "simple",
  "ldap_auth_username": "User Name",
  "ldap_auth_password": "password"
}

Configuration Parameters

The LDAP-specific parameters are listed in the tables below. See also General parameters. Note that you only need to prefix the key with "FYDE_"... and capitalize the rest if you are using an environment variable, but not with a configuration file or a Vx.

Basic Connection And Auth

Key | Default Value | Type | Description
ldap_host | | string | LDAP server hostname/IP to connect to
ldap_port | 389 or 636 (TLS) | string | LDAP server port to connect to
ldap_auth_method | | string | Authentication method. Options: anon (anonymous), simple (user/password), sasl_external, sasl_kerberos, ntlm
ldap_auth_username | | string | Username for the simple auth method
ldap_auth_password | | string | Password for the simple auth method
ldap_auth_sasl_credentials | | string | SASL credentials for the SASL auth methods
ldap_use_starttls | true | bool | Use StartTLS for LDAP
ldap_use_tls | false | bool | Connect to LDAP using TLS
ldap_sni | false | string | Use SNI hostname when using TLS
ldap_privkey | | string | Specify private key for TLS auth
ldap_privkey_password | | string | Specify private key password for TLS auth
ldap_pubkey | | string | Specify public key for TLS auth
ldap_cacerts | | string | Specify CA trusted certs
ldap_check_certs | true | bool | Check whether server certs are trusted
ldap_check_hostname | true | bool | Check hostname on the certificate
ldap_cert_additional_names | | string | Specify additional valid hostnames
More Advanced Options

Key | Default Value | Type | Description
ldap_debug_detail_level | error | string | LDAP debugging level. Options: off, error, basic, protocol, network, extended
ldap_profile | ad | string | Enables vendor-specific configurations. Options: ad, custom
ldap_connect_timeout | 10 | string | Connection timeout for the LDAP server (in seconds)
ldap_receive_timeout | 60 | string | Receive timeout
ldap_ignore_malformed_schema | false | bool | Ignore errors caused by malformed schemas
ldap_user_search_base | | string | Search base to find user objects
ldap_user_class_filter | | string | Search query to find user objects
ldap_user_search_scope | subtree | string | Scope to find user objects. Options: subtree, singlelevel
ldap_user_uuid | | string | Specify user UUID attribute
ldap_user_name | | string | Attribute to get user name from
ldap_user_phone | | string | Attribute to get user phone from
ldap_user_email | | string | Attribute to get user email from
ldap_user_disabled_filter | | string | Attribute to get user disabled state from
ldap_user_modified | | string | Attribute to check user for last modification
ldap_user_deleted_filter | | string | Search query to find deleted users
ldap_user_deleted_controls | | string | Control OID for user deleted
ldap_group_search_base | | string | Search base to find group objects
ldap_group_class_filter | | string | Search query to find group objects
ldap_group_search_scope | subtree | string | Scope to find group objects. Options: subtree, singlelevel
ldap_group_uuid | | string | Specify group UUID attribute
ldap_group_name | | string | Attribute to get group name from
ldap_group_modified | | string | Attribute to check group for last modification
ldap_group_deleted_filter | | string | Search query to find deleted groups
ldap_group_deleted_controls | | string | Control OID for group deleted
ldap_membership_object | group | string | Scope to find group objects. Options: user, group
ldap_membership_attribute | | string | LDAP membership attribute
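The example below is an added illustration, not part of this page or of the CloudGen Access connector itself. It loads a config.json, applies the FYDE_-prefixed environment-variable override rule described above using the defaults from the tables, and reports the transport and certificate-validation settings a reviewer would flag before enabling a sync. The sample JSON is constructed; the enrollment token and host values are placeholders.

```python
import json

# Defaults taken from the parameter tables on this page; keys absent
# from config.json fall back to these before the audit runs.
DEFAULTS = {
    "ldap_use_starttls": True,
    "ldap_use_tls": False,
    "ldap_check_certs": True,
    "ldap_check_hostname": True,
    "ldap_auth_method": "",
}

def coerce(value):
    """Environment variables are strings; map bool-typed values to bool."""
    if isinstance(value, str) and value.lower() in ("true", "false"):
        return value.lower() == "true"
    return value

def load_config(json_text, environ):
    """Merge config.json text with FYDE_* environment variables.
    FYDE_LDAP_HOST becomes ldap_host; environment values override the file."""
    cfg = dict(DEFAULTS)
    cfg.update(json.loads(json_text))
    for name, value in environ.items():
        if name.startswith("FYDE_"):
            cfg[name[len("FYDE_"):].lower()] = coerce(value)
    return cfg

def audit(cfg):
    """Return a list of weak transport/trust settings found in the config."""
    findings = []
    encrypted = bool(cfg["ldap_use_tls"] or cfg["ldap_use_starttls"])
    if not encrypted:
        findings.append("plaintext LDAP: ldap_use_tls and ldap_use_starttls are both off")
    if cfg["ldap_auth_method"] == "simple" and not encrypted:
        findings.append("simple bind without TLS sends ldap_auth_password in the clear")
    if not cfg["ldap_check_certs"]:
        findings.append("ldap_check_certs=false: server certificate is not validated")
    if not cfg["ldap_check_hostname"]:
        findings.append("ldap_check_hostname=false: certificate name not matched to host")
    return findings

# Constructed sample modelled on the MSAD example above (placeholder values).
SAMPLE_JSON = """{
  "enrollment_token": "https://enterprise.example.invalid/TOKEN_PLACEHOLDER",
  "ldap_host": "192.168.1.169",
  "ldap_profile": "ad",
  "ldap_auth_method": "simple",
  "ldap_auth_username": "User Name",
  "ldap_auth_password": "password"
}"""

if __name__ == "__main__":
    print(audit(load_config(SAMPLE_JSON, {})))  # defaults keep StartTLS on: []
    weak = {"FYDE_LDAP_USE_STARTTLS": "false", "FYDE_LDAP_CHECK_CERTS": "false"}
    print(audit(load_config(SAMPLE_JSON, weak)))
```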