LDAP integration in the Netop Portal (EN)
With the integration of Lightweight Directory Access Protocol (LDAP), the Netop Portal provides yet another way of integration into the company´s central user directory. This enables administrators to manage users and users' permissions from only one place – the company's user directory.
For security reasons, we use the LDAPS over the Internet to have an encrypted channel between the Netop Portal and the DCs. No passwords are stored in the Netop Portal and they will be checked on every login over an encrypted channel.
This article provides details on how to set up an LDAPS over the Internet and how to configure it in the Portal.
Setting up the LDAPS over the Internet
To use LDAPS over the Internet without a VPN tunnel without exposing the Domain Controller to the Internet, you should use a Read Only Domain Controller (RODC). Using RODC allows you to add an extra layer of security to the DC as it restricts the ability of hackers to compromise corporate users (they don't have access to user passwords and they cannot push any updates to the Global Catalogue (GC).
Introduced by Microsoft in Windows 2008, a RODC contains a replica of the Domain Controller data, except for user passwords (it does not store any passwords). The RODC handles the communication between the DC and the Internet.
To set up the LDAPS-over-the-Internet, follow these steps:
Netop Portal Configuration
To properly configure the LDAP server profile when adding an LDAP authentication method in the Portal (from Account>Authentication > Add LDAP), besides enabling the LDAP authentication method, configure the parameters for the LDAP server:
Once you've finished the LDAP server configuration, click Save LDAP authentication method and that's it. Now the users in your Active Directory can start using the Netop Portal
|Posted - Mon, Dec 4, 2017 2:16 PM.|
|Online URL: https://kb.netop.com/article/ldap-integration-in-the-netop-portal-en-468.html|