Creating LDAP server integration
March 27, 2024
ID 262715
To create an integration with an LDAP server:
- In the Administration → Integrations → LDAP section, click the Connect server button.
  The LDAP server settings window opens.
- Specify the following mandatory settings in the form fields:
  - Web address (URL) of your company's LDAP server.
    The web address of the LDAP server is specified as follows:
    ldap://<host>:<port>
    For example: ldap://ldap.example.com:389
  - Base unique name: in the context of an LDAP name, this is a name that uniquely identifies and describes a record of the LDAP directory server.
    For example, the base unique name for example.com is:
    dc=example, dc=com
  - User authorization filter: in the context of an LDAP search, this is a filter that generates a user authorization request and indicates where to start searching for a user in the Active Directory catalog tree.
    The filter for user authorization must be specified as follows:
    sAMAccountName=%s, ou=Accounts
  - Group filter for defining the group search settings in Active Directory.
  - User filter for defining the user search settings in Active Directory.
- Under Base schema, specify the values of the following attributes and classes of objects:
  - Object class is the type of object to search.
  - Organizational unit class is the LDAP object class that identifies the object as a container object within the domain.
  - User class is the LDAP object class that identifies the object as a user.
  - Organization unit name is the attribute of a group that identifies its name.
  - Group class is the class that identifies the LDAP object as a group.
  - Unique name is the unique distinguished name of the record.
- Under User lookup schema, specify the values of the following object attributes:
  - User first name.
  - Last name of the user.
  - Group name.
  - User username.
    When authorizing with a user account, the username may need to be specified together with the realm in the following format:
    <username@realm>
    For example: user@example.com
  - User password.
  - Group member.
  - User email address.
  - User member of.
- Click the Save button above the form for LDAP server integration data.
- To verify that the values were filled in correctly, click the Test connection button above the form for LDAP server integration data.
  Kaspersky Container Security will display a notification informing you of the successful connection to the LDAP server or a failure to establish the connection.
Example of completed fields when configuring LDAP server integration
If the LDAP server certificate changes, reconfigure the integration.
You can use the configured integration when creating and assigning user roles.
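
The formats given above for the web address, base unique name, user authorization filter and login can be checked before the values are entered in the form. The following Python function is an added example and is not part of Kaspersky Container Security; the name check_ldap_settings, its simplified parsing rules and the acceptance of the ldaps scheme are assumptions.

```python
import re
from urllib.parse import urlsplit

# One RDN such as "dc=example" (simplified: no escaped commas or multi-valued RDNs).
RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^,=+]+$")
# Login in <username@realm> form, e.g. user@example.com.
LOGIN = re.compile(r"^[^@\s]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*$")


def check_ldap_settings(url, base_dn, auth_filter, login):
    """Return a list of problems in the field values; an empty list means none found."""
    problems = []

    # Web address: ldap://<host>:<port> (ldaps is accepted here as an assumption;
    # the article itself shows only ldap://).
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps"):
        problems.append("url: scheme must be ldap or ldaps")
    if not parts.hostname:
        problems.append("url: host is missing")
    try:
        if not parts.port:
            problems.append("url: port is missing")
    except ValueError:  # raised on access for a non-numeric or out-of-range port
        problems.append("url: port must be a number from 1 to 65535")

    # Base unique name: comma-separated attr=value pairs, e.g. dc=example, dc=com
    rdns = [r.strip() for r in base_dn.split(",")]
    if not all(RDN.match(r) for r in rdns):
        problems.append("base_dn: every component must look like attr=value")

    # User authorization filter: exactly one %s placeholder, no stray whitespace
    if auth_filter.count("%s") != 1:
        problems.append("auth_filter: must contain exactly one %s placeholder")
    if re.search(r"\s=|=\s|%\s", auth_filter):
        problems.append("auth_filter: whitespace around '=' or inside '%s'")

    if not LOGIN.match(login):
        problems.append("login: expected <username@realm>")
    return problems


if __name__ == "__main__":
    # Constructed sample values, taken from the examples in this article.
    for p in check_ldap_settings("ldap://ldap.example.com:389", "dc=example, dc=com",
                                 "sAMAccountName=%s, ou=Accounts", "user@example.com"):
        print(p)
```

An empty result only means the values are well-formed; the Test connection button remains the check that the server accepts them.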