How to manage LDAP/AD servers

3 minutes to read

Print
Share
Dark
Light
PDF

Article summary

Did you find this summary helpful?

Thank you for your feedback

senhasegura allows you to use Active Directory (AD) for identity management. If you want to use AD with senhasegura, follow the steps below.

Register an LDAP/AD server

On senhasegura, in the navigation bar, hover over the Products menu and select Settings.
In the side menu, select Provisioning > Active directory > Servers.
In the Servers form, click the Add button.
In the Servers screen, fill in the fields below:
In the Domain, device and credential tab:
1. Domain: enter the domain for the LDAP server.
  1. You can add more damons by clickin the Add button. This will open the Domain modal with the Domain and Short name files do fill.
2. Credential for authentication: select the credential that will be used to authenticate.
3. Click Continue.
In the LDAP tab:
1. Host: enter the address of the LDAP host.
2. Port: enter the port of the LDAP host.
3. Enabled: indicate whether the server is active or not. By default, this option is set to Yes.
4. Credential for authentication: select the credential that will be used to authenticate to the LDAP server from the drop-down menu.
5. Network connector: select from the drop-down menu which connector will be used with the LDAP server.
6. DN base: enter the starting location of the directory from which the search or operation will begin. This will be the starting point for searching, adding, modifying, or deleting objects on the LDAP server.
7. Account form: select the type of account form from the drop-down menu. The options are: DN, Username, Backslash, and Main.
8. Account filter format: specify the search criteria to narrow down the results. For example: (&(objectClass=user)(sAMAccountName=johndoe)).
  1. In this case, the fields are:
    1. objectClass=user: the type of the object must be user.
    2. sAMAccountName=johndoe: the user's SAM (Security Account Manager) account name must be johndoe.
9. Account domain: specify the domain of the account. For example, [email protected].
10. Account domain (Short Name): enter the account's short name, specifically. For example: SENHASEGURA\johndoe.
11. Use Credential Domain: indicate whether you want to use a domain credential. By default this option is set to No.
12. Username attribute: enter the account's unique username.
13. DN Bind (leave blank to use the DN base): enter the DN that will be used as the unique identifier. For example**:** "CN=John Doe,OU=Users,DC=senhasegura,DC=com".
14. Member is DN?: select Yes if the user is identified by their DN
15. Bind requires DN?: select Yes if the bind process needs to use DN.
16. Group: enter the account group.
17. Group DN: enter the account's DN.
18. Group Attribute (GroupAttr): enter the attributes of the group.
19. Group scope: enter the group scope.
20. Group filter: enter a filter expression for the group. For example: (objectClass=group) which will return all objects within the LDAP/AD server that are of type group.
21. Member attribute (MemberAttr): enter the attributes of the group members.
22. Order:
23. Use SSL?: select whether you want to use the SSL protocol. By default this option is set to No.
24. Click Continue.
Review and save it.

Edit an LDAP/AD server

On senhasegura, in the navigation bar, hover over the Products menu and select Settings.
In the side menu, select Provisioning > Active directory > Servers.
In the Servers report, select the server you want to edit, click the Actions button and select Edit.

The Server screen will open in edit mode and you can modify the necessary attributes. Then click Save to save the changes.

Test the authentication of an LDAP/AD server

On senhasegura, in the navigation bar, hover over the Products menu and select Settings.
In the side menu, select Provisioning > Active directory > Servers.
In the Servers report, select the server you want to edit, click the Actions button and select Test authentication.
In the LDAP authentication test screen, fill in the following fields:
Base DN: fill in the Base DN value. For example: CN=Users,DC=safe password,DC=com,DC=br.
User: fill in the username. For example: johndoe.
Password: fill in the user's password.
Click Authenticate.

A message will appear below the fields indicating whether authentication succeeded or failed.

Do you still have questions? Reach out to the senhasegura Community.

Was this article helpful?

What's Next

How to manage group synchronization

On this page

Register an LDAP/AD server
Edit an LDAP/AD server
Test the authentication of an LDAP/AD server