With the integration of Lightweight Directory Access Protocol (LDAP), the Netop Portal provides yet another way of integration into the company´s central user directory. This enables administrators to manage users and users' permissions from only one place – the company's user directory.
For security reasons, we use the LDAPS over the Internet to have an encrypted channel between the Netop Portal and the DCs. No passwords are stored in the Netop Portal and they will be checked on every login over an encrypted channel.
This article provides details on how to set up an LDAPS over the Internet and how to configure it in the Portal.
Prerequisites:
To use LDAPS over the Internet without a VPN tunnel without exposing the Domain Controller to the Internet, you should use a Read Only Domain Controller (RODC). Using RODC allows you to add an extra layer of security to the DC as it restricts the ability of hackers to compromise corporate users (they don't have access to user passwords and they cannot push any updates to the Global Catalogue (GC).
Introduced by Microsoft in Windows 2008, a RODC contains a replica of the Domain Controller data, except for user passwords (it does not store any passwords). The RODC handles the communication between the DC and the Internet.
To set up the LDAPS-over-the-Internet, follow these steps:
To properly configure the LDAP server profile when adding an LDAP authentication method in the Portal (from Account>Authentication > Add LDAP), besides enabling the LDAP authentication method, configure the parameters for the LDAP server:
Parameter |
Description |
Domain identifier |
|
LDAP Type |
The authentication type, in this scenario is LDAP |
Hostname |
The FQDN used by the LDAP server. |
Port |
The TCP port used by the LDAP server. |
Username |
The username attribute used by the Portal to query the external LDAP server. |
Password |
The password for the Bind DN account. |
Base DN |
The base, or node from where the ldapsearch should start. |
Once you've finished the LDAP server configuration, click Save LDAP authentication method and that's it. Now the users in your Active Directory can start using the Netop Portal
References
You Don't Need A VPN Part II - LDAP Integrations, User Data Imports, & the Internet solution
Article Number: 468
Posted: Mon, Dec 4, 2017 2:16 PM
Last Updated: Mon, Jan 15, 2018 7:22 AM
Online URL: https://kb.netop.com/article/ldap-integration-in-the-netop-portal-en-468.html