LDAP Configuration

Posted on 3rd October 2016

Active Directory Settings

The administrator can configure the authentication settings for Active Directory under Foldr Settings >> General >> LDAP. If Active Directory is not being used, this section can be skipped and local user accounts can be created directly in the Users & Groups tab in Foldr Settings.


The LDAP Server should be configured to point at one (or optionally more) Windows Domain Controllers on the internal network, prefixed with ldap://

e.g. ldap://domain_controller.company.internal

(FQDN or IP address of a domain controller. Note the ldap:// prefix.)

LDAP Search DN:

DC=company,DC=internal

The example shown above will search for users and groups in the root of the Active Directory domain. The Search DN could also be used to control which users are allowed to sign into Foldr, but a superior and more granular method for doing so can be found within the Security tab.

LDAPS Support

If the domain supports LDAPS, prefix the LDAP Server address with ‘ldaps://’. You can optionally append a port; if you do not, Foldr assumes the default port of 636.

Example LDAP Settings:

LDAPS is required if you intend to use Active Directory password change control, delegated or self-service password reset features in Foldr. Enabling LDAPS on a Windows domain controller is typically done by default after installing the Domain Certificate Services >> Enterprise CA role in Server Manager. However, there are considerations to be made when enabling this in your AD infrastructure:

Azure Active Directory

Foldr can be deployed within the Microsoft Azure cloud platform and can authenticate directly against the Azure Active Directory without the need to deploy additional Windows domain controller VMs.

You can authenticate using either LDAP or LDAPS (a suitable SSL certificate needs to be installed within the Azure portal for LDAPS support).

Example LDAPS settings are shown below:

 

Note – All features are available if Foldr is configured against Azure Active Directory apart from password change control / delegated password reset, regardless of whether LDAPS is enabled.
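The rules on this page (the ldap:// or ldaps:// prefix, the default LDAPS port of 636, the Search DN scope and the LDAPS requirement for password features) can be checked before the values are entered into Foldr. The script below is an added example, not Foldr code: `check_ldap_settings` is a hypothetical helper, the servers are passed as a list, and the sample values are constructed from the page's own examples.

```python
from urllib.parse import urlsplit

# 636 is the ldaps:// default stated on the page; 389 is the standard LDAP port.
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}


def check_ldap_settings(servers, search_dn, azure_ad=False):
    """Hypothetical helper: returns (endpoints, findings, password_change_ok)."""
    endpoints, findings = [], []
    for raw in servers:
        url = urlsplit(raw.strip())
        scheme = url.scheme.lower()
        if scheme not in DEFAULT_PORTS or not url.hostname:
            findings.append(f"{raw}: needs an ldap:// or ldaps:// prefix and a host")
            continue
        try:
            port = url.port or DEFAULT_PORTS[scheme]
        except ValueError:
            findings.append(f"{raw}: port is not a valid number")
            continue
        if scheme == "ldap":
            findings.append(f"{url.hostname}: plain ldap://, not protected by TLS")
        endpoints.append((scheme, url.hostname, port))

    # Simplified DN parse: comma-separated attr=value pairs, no escaped commas.
    rdns = [part.strip().partition("=") for part in search_dn.split(",")]
    if not all(attr and sep and value for attr, sep, value in rdns):
        findings.append(f"{search_dn}: not a valid Search DN")
    elif all(attr.upper() == "DC" for attr, _, _ in rdns):
        findings.append("Search DN is the domain root: all users and groups are in scope")

    # Page: password change control / delegated reset need LDAPS and are not
    # available against Azure Active Directory. Requiring LDAPS on every
    # listed server is an assumption of this example.
    password_change_ok = (
        bool(endpoints)
        and all(scheme == "ldaps" for scheme, _, _ in endpoints)
        and not azure_ad
    )
    return endpoints, findings, password_change_ok


if __name__ == "__main__":
    # Constructed sample values based on the page's own examples.
    print(check_ldap_settings(["ldaps://domain_controller.company.internal"],
                              "DC=company,DC=internal"))
```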
