On-Premises Active Directory


Perimeter 81 integrates with Active Directory/LDAP through the Active Directory/LDAP Connector that you install on your network.

The AD/LDAP Connector (1) is a bridge between your Active Directory (2) and the Perimeter 81 Service (3). This bridge is necessary because AD is typically restricted to your internal network, and Perimeter 81 is a cloud service running in a completely different context.

For high availability and load balancing, you can install multiple instances of the connector. All connections are outbound from the connector to Perimeter 81, so changes to your firewall are generally unnecessary.

Configuring an AD/LDAP connection in Perimeter 81 requires two steps:

a. Enable an AD/LDAP Connection in the Perimeter 81 management console and download the installer.
b. Install the connector on your network.


1. Enable an AD/LDAP Connection in Perimeter 81

Select Settings > Security > + Add Provider from the Perimeter 81 management dashboard.

Choose Active Directory / LDAP and click Continue.

In the List of domain names field, list the user email domains that will be allowed to log in through this AD/LDAP connection, for example perimeter81.com.


Click Continue. You are almost done on the Perimeter 81 side. Click the button on the next page to download the Windows Agent installer to your machine.

Make sure to keep the TICKET URL on hand as you will need it later.


2. Install the connector on your network

The Connector is packaged as a standard Microsoft Installer file (MSI). Download it from here:

https://cdn.auth0.com/connector/windows/adldap-4.1.2.msi

  1. Run the installer

You will need to install the connector on the same machine on which Active Directory is running. Run the installer and follow the instructions.

The AD/LDAP Connector is installed as a Windows service.

  2. Link to Perimeter 81

Once the installation is complete, a browser window pointing to localhost opens.

Enter the TICKET URL provided when you provisioned the connection in the initial step above.

The TICKET URL uniquely identifies this connector in Perimeter 81. The Connector will use this to communicate with our service and automatically complete the configuration.

  3. Link to LDAP

Once you have entered the TICKET URL, you must enter the LDAP settings:

  • LDAP Connection String (e.g. ldap://ldap.internal.acme.com): the protocol plus the domain name or IP address of your LDAP server. Your LDAP server is the local domain controller where Active Directory is installed. The protocol can be either ldap or ldaps. If you use ldaps, make sure that the certificate is valid on this server. (auto-populated)
  • Base DN (e.g. dc=acme,dc=com): the base container for all the queries performed by the connector. (auto-populated)
  • Username (e.g. cn=svcauth0,dc=services,dc=acme,dc=com): the full distinguished name of a user with administrator rights to perform queries.
  • Password: the password of that user.

Once you submit the above information, the connector performs a series of tests.

Make sure that all tests are green.
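The connector's built-in tests report only pass or fail. The script below is an added example, not part of this article or of the connector, for checking the same four settings from the Windows machine that will host the connector: it binds to the domain controller with the service account's distinguished name and runs the kind of lookup the connector issues once LDAP_USER_BY_NAME is set to (mail={0}). The host, Base DN and bind DN are the article's example values; $TestMail is a hypothetical address of a user who exists in your directory; the escaping helper ConvertTo-LdapFilterValue is this example's own.

```powershell
# Added example (not Perimeter 81 or Auth0 code): verify the LDAP settings the
# connector asks for by binding and searching the directory the way it will.
Add-Type -AssemblyName System.DirectoryServices.Protocols

$LdapHost = 'ldap.internal.acme.com'                   # host part of the LDAP Connection String
$UseLdaps = $true                                      # $false tests plain ldap:// on 389 instead
$BaseDn   = 'dc=acme,dc=com'                           # Base DN
$BindDn   = 'cn=svcauth0,dc=services,dc=acme,dc=com'   # Username: full distinguished name
$TestMail = 'someone@perimeter81.com'                  # hypothetical: mail attribute of a real user

function ConvertTo-LdapFilterValue {
    # RFC 4515 escaping: a value substituted into a filter cannot change the filter's structure.
    # Backslash must be escaped first so the escapes it produces are not escaped again.
    param([Parameter(Mandatory)][string]$Value)
    $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29' -replace "`0", '\00'
}

# Prompt for the password rather than storing it in the script.
$password = Read-Host -AsSecureString 'Password for the bind account'
$cred = New-Object System.Net.NetworkCredential($BindDn, $password)
$port = if ($UseLdaps) { 636 } else { 389 }
$id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($LdapHost, $port)
$conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id, $cred, [System.DirectoryServices.Protocols.AuthType]::Basic)
$conn.SessionOptions.ProtocolVersion = 3
$conn.SessionOptions.SecureSocketLayer = $UseLdaps
# A simple (Basic) bind sends the password in clear text over ldap://; that is the reason
# to prefer the article's ldaps option. Certificate validation is left enabled on purpose:
# a bind failure over ldaps is the untrusted-certificate condition the article tells you to fix.

try {
    $conn.Bind()
    "Bind OK as $BindDn"

    # This is what the connector's (mail={0}) template expands to for one login attempt.
    $filter = "(mail=$(ConvertTo-LdapFilterValue $TestMail))"
    $attrs  = @('cn', 'mail', 'userPrincipalName')
    $req = New-Object System.DirectoryServices.Protocols.SearchRequest($BaseDn, $filter, [System.DirectoryServices.Protocols.SearchScope]::Subtree, $attrs)
    $res = [System.DirectoryServices.Protocols.SearchResponse]$conn.SendRequest($req)

    "$($res.Entries.Count) entry(ies) matched $filter under $BaseDn"
    foreach ($e in $res.Entries) { "  $($e.DistinguishedName)" }
} catch {
    # LdapException with error code 49 means the DN or password was rejected;
    # a certificate or connection failure surfaces here as well when ldaps is used.
    "$($_.Exception.GetType().Name): $($_.Exception.Message)"
} finally {
    $conn.Dispose()
}
```

Exactly one entry should match the test address. Zero matches with a successful bind means the mail attribute is not populated for that user, which would also make the connector's (mail={0}) lookup fail for them.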

  4. Apply custom configuration to the connector config file.

The config.json file is the AD/LDAP Connector's main configuration file. The file is located in the install directory for the AD/LDAP Connector, which (for Windows) is usually found at C:\Program Files (x86)\Auth0\AD LDAP Connector.

Modify the following line from:

  "LDAP_USER_BY_NAME": "(cn={0})",

To:

  "LDAP_USER_BY_NAME": "(mail={0})",

Save the config.json file.

Restart the AD/LDAP Connector service (the Auth0 ADLDAP service in Windows).
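The edit and restart above can be done by hand. The following script is an added example, not part of this article or of the connector, that makes the same change from an elevated PowerShell prompt: it backs up config.json, sets LDAP_USER_BY_NAME to (mail={0}), adding the key when it is not present in the file, writes the file back as UTF-8 without a byte-order mark so the connector's JSON parser accepts it, and restarts the service. The install path is the one given in the article; the service display name "Auth0 ADLDAP" is taken from the article and is an assumption to check against the Services console if the restart fails.

```powershell
# Added example (not Perimeter 81 or Auth0 code): set the user lookup filter in the
# connector's config.json and restart the service so the change takes effect.
$ConfigPath  = 'C:\Program Files (x86)\Auth0\AD LDAP Connector\config.json'   # path from the article
$ServiceName = 'Auth0 ADLDAP'   # assumed display name; confirm in services.msc
$Desired     = '(mail={0})'

if (-not (Test-Path -LiteralPath $ConfigPath)) {
    throw "config.json not found at $ConfigPath; adjust `$ConfigPath to your install directory"
}

# Keep a timestamped copy of the original so the change can be reverted.
Copy-Item -LiteralPath $ConfigPath -Destination ("{0}.bak-{1}" -f $ConfigPath, (Get-Date -Format 'yyyyMMddHHmmss'))

$config = Get-Content -LiteralPath $ConfigPath -Raw | ConvertFrom-Json

if ($config.PSObject.Properties.Name -contains 'LDAP_USER_BY_NAME') {
    "Current LDAP_USER_BY_NAME: $($config.LDAP_USER_BY_NAME)"
    $config.LDAP_USER_BY_NAME = $Desired
} else {
    # The key may be absent from a fresh install; add it instead of failing.
    'LDAP_USER_BY_NAME not present; adding it'
    $config | Add-Member -MemberType NoteProperty -Name 'LDAP_USER_BY_NAME' -Value $Desired
}

# -Depth keeps nested settings intact; Set-Content -Encoding UTF8 would prepend a BOM in
# Windows PowerShell 5.1, so write the bytes with an explicit BOM-less UTF-8 encoder.
$json = $config | ConvertTo-Json -Depth 10
[System.IO.File]::WriteAllText($ConfigPath, $json, (New-Object System.Text.UTF8Encoding $false))
"Wrote LDAP_USER_BY_NAME = $Desired to $ConfigPath"

# Restart the connector service and show its state.
Restart-Service -DisplayName $ServiceName
Get-Service -DisplayName $ServiceName | Select-Object Status, Name, DisplayName
```

After the restart, a user logging in with an email address in one of the listed domains is looked up by the mail attribute instead of by cn, so that attribute must be populated for every account that should be able to sign in.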

  5. Congratulations, your AD/LDAP connector is installed, connected and ready to use within Perimeter 81.

3. Access error troubleshooting

If your users get an access error after the configuration, please check these steps.


Comments

  • I don't see the entry "LDAP_USER_BY_NAME": "(cn={0})", in config.json.

  • If you don't have LDAP_USER_BY_NAME, please add it as follows to your config:
    {
      "key1": "value1",
      "key2": "value2",
      "LDAP_USER_BY_NAME": "(mail={0})"
    }
