Overview
LDAP is a protocol used to access and manage directory information services, such as user accounts, email addresses, and other network resources. An LDAP connection allows an LDAP client to communicate with an LDAP server to retrieve or modify information stored in the directory.
Prerequisites
- All Logsign versions support this integration.
Configure On LDAP
- By connecting Logsign to the LDAP / AD server, all logs can be enriched automatically with user attributes from the LDAP / AD server (such as Department Names, Display Names, Mobile Phones).
- To establish an LDAP connection, an LDAP client sends an LDAP request to the LDAP server using a specific port number (default is 389 for LDAP and 636 for LDAP over SSL). The server then responds to the request by providing the requested information or by indicating that the requested information is not available.
- LDAP connections can be secured by using SSL/TLS encryption to protect the data being transmitted between the client and server. LDAP connections can also be authenticated using various mechanisms, such as simple authentication or bind authentication, to ensure that only authorized users can access the directory information.
- The notes below cover the settings you need to know before configuring the connection:
  - BaseDN: The BaseDN (base distinguished name) defines the starting point for a search within a directory. It specifies the top-most point in the directory tree where the LDAP search should begin.
  - Port: Default is 389 for LDAP and 636 for LDAP over SSL.
Configure On Logsign
Forwarding settings are completed as follows:
- Click Settings > Integrations > Responses.
- In the ‘Search’ field, type LDAP.
- Click ‘Configure’ and then click ‘+Device’.
- Define the settings as follows:
  - Device Name: Define the Device Name.
  - BaseDN: Define the BaseDN.
  - Password: Define the password.
  - Server: Define the server address.
  - Port: Define the port.
  - UserName: Define the username.
- Click Test and then Create to save the changes.
Methods
SEARCH-USERS
- Device: Select the configuration you have configured.
- Class: Define the users' object class.
- Name: Define the users you want to search.
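As an added illustration (not Logsign's own code), the SEARCH-USERS inputs correspond to an ordinary LDAP search: the BaseDN from the device configuration is the search base, and Class and Name become the filter. The sketch assumes the name is matched against sAMAccountName with subtree scope (both assumptions, as are the sample values), and escapes the name per RFC 4515 so it cannot alter the filter structure.

```python
import re

# RFC 4515 section 3: characters that must be escaped inside a filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str, allow_wildcard: bool = False) -> str:
    """Escape a user-supplied value for use inside an LDAP search filter."""
    out = []
    for ch in value:
        if ch == "*" and allow_wildcard:
            out.append(ch)  # keep '*' only when a substring search is intended
        else:
            out.append(_FILTER_ESCAPES.get(ch, ch))
    return "".join(out)


def build_user_search(base_dn: str, object_class: str, name: str,
                      name_attr: str = "sAMAccountName") -> dict:
    """Return the parameters of the LDAP search for one user lookup.

    name_attr and the subtree scope are assumptions for this illustration.
    """
    # Object class and attribute names are identifiers, not free text:
    # reject anything that is not a plain LDAP descriptor instead of escaping it.
    for ident in (object_class, name_attr):
        if not re.fullmatch(r"[A-Za-z][A-Za-z0-9-]*", ident):
            raise ValueError(f"invalid LDAP descriptor: {ident!r}")
    if "=" not in base_dn:
        raise ValueError("BaseDN must be a distinguished name, e.g. DC=example,DC=com")
    flt = f"(&(objectClass={object_class})({name_attr}={escape_filter_value(name)}))"
    return {"base": base_dn, "scope": "subtree", "filter": flt}


if __name__ == "__main__":
    # Constructed sample values, not taken from any real directory.
    print(build_user_search("DC=example,DC=com", "user", "j.doe (contractor)"))
```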
ADD-USER-TO-GROUP
- Device: Select the configuration you have configured.
- Username: Define the user you want to add.
- Group Name: Define the users' group name.
REMOVE-USER-FROM-GROUP
- Device: Select the configuration you have configured.
- Username: Define the user you want to remove.
- Group Name: Define the users' group name.
DISABLE
- Username: Define the user you want to disable.
ENABLE
- Username: Define the user you want to enable.
RESET-PASSWORD
- Username: Define the user whose password is to be reset.