LDAP
How to configure LDAP connection to gather permissions and access rights for groups, users, and other entities (Trustees) on an LDAP server.
Navigate to Administration -> Data Sources -> LDAP -> New scan
Enter the details of the LDAP server to scan
Name: Give a name to the scan to identify it later
Username: The account must have admin-level read access to every object the scan will cover (users, groups and other trustees); a read-only account with that reach is sufficient. Enter the username as a UPN, in the format user@domain.com
Password: Password for the scan account
IP Address: The IP address of the server that hosts the LDAP directory (for Active Directory, a domain controller)
Certificate (Optional): If the server to be scanned uses LDAPS (LDAP over SSL/TLS), paste the server certificate text here so the TLS connection can be verified. Otherwise leave it blank
Port: 389 is the default port for LDAP; secure LDAP (LDAPS) uses 636
Use the Global Catalog ports, 3268 (LDAP) and 3269 (LDAPS), when the standard ports do not let the scan traverse the whole tree: a standard-port query only returns the domain that the server is authoritative for, whereas the Global Catalog answers for every domain in the forest
Inactivity: The number of days without a logon after which a user is reported as inactive. The default is 90 days
Search base: The point in the LDAP directory from which Focus starts searching. In this example the search base is DC=aws-gv,DC=local:
DC stands for Domain Component, the attribute used to represent one label of the domain name
aws-gv is the domain's own label (the leftmost component of the name)
local is the top-level label
Together, DC=aws-gv,DC=local represents the domain aws-gv.local
Save the configuration
Once the configuration is saved, click the icon on the right of the new entry and select Start trustee scan to begin scanning
The scan results can be viewed under Dashboard -> Access Governance
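The checks below turn the settings from the steps above into a small pre-flight script. It is an added example written for this page, not code from Focus or from any LDAP library: it derives the search base from the UPN's domain, picks the port for the LDAPS and Global Catalog combination, refuses an LDAPS configuration without a certificate, and converts the inactivity window into an Active Directory filter. The assumptions are that inactivity is judged from the lastLogonTimestamp attribute (the page does not say which attribute the product uses), that the certificate is supplied as PEM text, and that the sample certificate and account names are placeholders constructed for the example.

```python
"""Pre-flight helper for an LDAP trustee scan configuration.

Added example for this page; not part of the product. The attribute
used to judge inactivity (lastLogonTimestamp) and the PEM format of
the certificate are assumptions, as is the placeholder certificate.
"""
from datetime import datetime, timedelta, timezone

LDAP_PORT, LDAPS_PORT = 389, 636        # standard domain ports
GC_PORT, GC_TLS_PORT = 3268, 3269       # Global Catalog ports (whole forest)

# Constructed placeholder: only the PEM markers are checked, the body is not a real certificate.
SAMPLE_CERT = (
    "-----BEGIN CERTIFICATE-----\n"
    "MIIBplaceholderONLY/notARealCertificateBody=\n"
    "-----END CERTIFICATE-----\n"
)

WINDOWS_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def search_base_from_upn(username):
    """Derive the default search base from the UPN's domain:
    'svc-scan@aws-gv.local' -> 'DC=aws-gv,DC=local'."""
    if username.count("@") != 1:
        raise ValueError("username must be a UPN such as user@domain.com")
    domain = username.split("@")[1]
    labels = [label for label in domain.lower().split(".") if label]
    if len(labels) < 2:
        raise ValueError(f"domain {domain!r} needs at least two labels")
    return ",".join(f"DC={label}" for label in labels)


def choose_port(use_ldaps, use_global_catalog):
    """Map the LDAPS / Global Catalog choice to the port the page lists."""
    if use_global_catalog:
        return GC_TLS_PORT if use_ldaps else GC_PORT
    return LDAPS_PORT if use_ldaps else LDAP_PORT


def windows_filetime(moment):
    """UTC datetime -> Windows FILETIME (100-ns intervals since 1601-01-01),
    the encoding Active Directory uses for lastLogonTimestamp."""
    microseconds = (moment - WINDOWS_EPOCH) // timedelta(microseconds=1)
    return microseconds * 10


def inactivity_filter(days, now=None):
    """LDAP filter matching user accounts whose last logon is older than
    `days`. Accounts that never logged on have no lastLogonTimestamp and do
    not match; replication of the attribute lags by up to 14 days, so a
    cutoff should not be tighter than that."""
    now = now or datetime.now(timezone.utc)
    cutoff = windows_filetime(now - timedelta(days=days))
    return (
        "(&(objectClass=user)(objectCategory=person)"
        f"(lastLogonTimestamp<={cutoff}))"
    )


def build_scan_config(name, username, password, ip_address, use_ldaps=False,
                      certificate="", use_global_catalog=False, port=None,
                      inactivity_days=90, search_base=None):
    """Assemble and sanity-check the settings from the configuration form.
    Raises ValueError for combinations that would fail or weaken the scan."""
    if use_ldaps and "-----BEGIN CERTIFICATE-----" not in certificate:
        raise ValueError("LDAPS selected but no PEM certificate supplied")
    if not use_ldaps and certificate.strip():
        raise ValueError("certificate supplied but LDAPS not selected")
    if port is None:
        port = choose_port(use_ldaps, use_global_catalog)
    elif use_ldaps and port in (LDAP_PORT, GC_PORT):
        raise ValueError(f"port {port} is plaintext; LDAPS needs 636 or 3269")
    if inactivity_days < 1:
        raise ValueError("inactivity must be at least one day")
    return {
        "name": name,
        "username": username,
        "password": password,            # keep out of logs and tickets
        "ip_address": ip_address,
        "port": port,
        "certificate": certificate if use_ldaps else "",
        "inactivity_days": inactivity_days,
        "search_base": search_base or search_base_from_upn(username),
        "inactive_user_filter": inactivity_filter(inactivity_days),
    }


if __name__ == "__main__":
    cfg = build_scan_config("AD forest scan", "svc-scan@aws-gv.local", "pw",
                            "10.0.0.5", use_ldaps=True, certificate=SAMPLE_CERT,
                            use_global_catalog=True)
    print({k: v for k, v in cfg.items() if k != "password"})
```

Before saving the form, the same values can be checked against the directory with ldapsearch, for example `ldapsearch -H ldaps://10.0.0.5:3269 -D svc-scan@aws-gv.local -W -b "DC=aws-gv,DC=local" -s base` (placeholder host and account): a successful base-scope read confirms the bind, the port and the search base together, and a failure on 636 or 3269 that succeeds on 389 or 3268 points at the certificate rather than at the credentials.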