LDAP

How to configure an LDAP connection so that Focus can gather the permissions and access rights of groups, users, and other entities (trustees) held on an LDAP server.

Configuring LDAP connector in Dashboard

  • Navigate to Administration -> Data Sources -> LDAP -> New scan

  • Enter the details of the LDAP server to scan

    • Name: Give a name to the scan to identify it later

    • Username: The account must have admin-level rights and be able to read every part of the directory that is to be scanned. Enter the username in the format [email protected]

    • Password: Password for the admin user

    • IP Address: The IP Address of the server where the LDAP is installed

    • Certificate (Optional): If the server to be scanned uses LDAPS (LDAP over SSL/TLS), paste the certificate text here. Otherwise leave it blank

    • Port: 389 is the default port for LDAP; Secure LDAP (LDAPS) uses 636

      • Use the Global Catalog ports, 3268 (LDAP) and 3269 (LDAPS), when the standard ports do not let the scan traverse the whole directory, for example in a multi-domain forest. Note that the Global Catalog returns only the partial attribute set for objects outside the local domain

    • Inactivity: The number of days without a logon after which a user is reported as inactive. The default is 90 days

    • Search base: The point in the LDAP directory from which Focus starts searching. In the example DC=aws-gv,DC=local:

      • DC stands for Domain Component, the attribute used to represent each level of the domain name

      • aws-gv is the second-level label of the domain name

      • local is the top-level domain

      Together, DC=aws-gv,DC=local represents the domain aws-gv.local

  • Save the configuration

  • Once the configuration is saved, click on the icon on the right and select Start trustee scan to begin scanning

  • The scan results can be viewed under Dashboard -> Access Governance
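Before saving the configuration it is worth confirming that the values entered above actually work against the server. The following is an added example (it is not Focus code and does not come from this page) that derives the search base from the domain name, picks the port for the chosen LDAP/LDAPS and Global Catalog combination, prints an `ldapsearch` command that exercises the credentials and search base, and applies the 90-day inactivity rule. It assumes the directory is Active Directory and that inactivity is judged from the `lastLogonTimestamp` attribute; the host name `dc01.aws-gv.local`, the bind user, the certificate path and the sample logon times are placeholders constructed for the example.

```python
"""Pre-flight checks for an LDAP trustee scan.

Added example, not part of the Focus product or its documentation. It assumes
(assumptions, not from the page) that the directory is Active Directory, that
inactivity is judged from the lastLogonTimestamp attribute, and that the host
name dc01.aws-gv.local, the bind user and the certificate path are placeholders.
"""
import shlex
from datetime import datetime, timedelta, timezone
from typing import List, Optional

# Active Directory stores logon times as Windows FILETIME:
# 100-nanosecond intervals since 1601-01-01 00:00:00 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def search_base_from_domain(domain: str) -> str:
    """Build the search base from a DNS name: aws-gv.local -> DC=aws-gv,DC=local."""
    labels = [label for label in domain.strip().lower().split(".") if label]
    if not labels:
        raise ValueError("domain name must have at least one label")
    return ",".join(f"DC={label}" for label in labels)


def ldap_port(use_tls: bool, global_catalog: bool) -> int:
    """389/636 reach the local domain only; 3268/3269 query the Global Catalog,
    which covers the whole forest but returns only the partial attribute set."""
    return {
        (False, False): 389,
        (True, False): 636,
        (False, True): 3268,
        (True, True): 3269,
    }[(use_tls, global_catalog)]


def filetime_to_datetime(filetime: int) -> Optional[datetime]:
    """Convert a FILETIME value to UTC. 0 (or a missing attribute) means never logged on."""
    if filetime <= 0:
        return None
    return FILETIME_EPOCH + timedelta(microseconds=filetime // 10)


def datetime_to_filetime(when: datetime) -> int:
    """Inverse of filetime_to_datetime, used to build LDAP filters."""
    return ((when - FILETIME_EPOCH) // timedelta(microseconds=1)) * 10


def is_inactive(last_logon_filetime: int, now: datetime, threshold_days: int = 90) -> bool:
    """Apply the scan's inactivity rule: no logon within threshold_days counts as inactive."""
    last = filetime_to_datetime(last_logon_filetime)
    return last is None or (now - last) > timedelta(days=threshold_days)


def inactive_user_filter(now: datetime, threshold_days: int = 90) -> str:
    """LDAP filter for enabled user accounts whose last logon is older than the
    threshold. lastLogonTimestamp only replicates when it is roughly 9-14 days
    stale, so it is accurate enough for a 90-day rule but not for short windows."""
    cutoff = datetime_to_filetime(now - timedelta(days=threshold_days))
    return (
        "(&(objectCategory=person)(objectClass=user)"
        "(!(userAccountControl:1.2.840.113556.1.4.803:=2))"  # bit 2 = ACCOUNTDISABLE
        f"(lastLogonTimestamp<={cutoff}))"
    )


def ldapsearch_command(host: str, bind_user: str, search_base: str,
                       use_tls: bool = True, global_catalog: bool = False,
                       ca_cert_path: Optional[str] = None) -> str:
    """Shell command that checks credentials, port and search base before the scan
    is saved: a base-scope read of the search base entry itself. LDAPTLS_CACERT is
    the OpenLDAP client variable pointing at the certificate from the Certificate field."""
    scheme = "ldaps" if use_tls else "ldap"
    port = ldap_port(use_tls, global_catalog)
    argv: List[str] = [
        "ldapsearch", "-x",
        "-H", f"{scheme}://{host}:{port}",
        "-D", bind_user, "-W",
        "-b", search_base, "-s", "base",
        "(objectClass=*)",
    ]
    env = f"LDAPTLS_CACERT={shlex.quote(ca_cert_path)} " if (use_tls and ca_cert_path) else ""
    return env + shlex.join(argv)


if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    base = search_base_from_domain("aws-gv.local")
    print(ldapsearch_command("dc01.aws-gv.local", "svc-ldapscan@aws-gv.local", base,
                             ca_cert_path="/etc/ssl/certs/aws-gv-ca.pem"))
    print(inactive_user_filter(now))
    # Constructed sample entries, not real directory data:
    # last logon 200 days ago, 10 days ago, and never.
    samples = {
        "alice": datetime_to_filetime(now - timedelta(days=200)),
        "bob": datetime_to_filetime(now - timedelta(days=10)),
        "svc-old": 0,
    }
    for name, ft in samples.items():
        print(f"{name}: {'inactive' if is_inactive(ft, now) else 'active'}")
```

Run the printed `ldapsearch` command with the same user, port and search base you intend to enter in the form; if the bind fails or the base entry is not returned, the scan will fail for the same reason. The filter returned by `inactive_user_filter` can be pasted into `ldapsearch` to preview which accounts the 90-day rule will report.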
