Creating LDAP server integration
To create an integration with an LDAP server:
- In the Administration → Integrations → LDAP section, click the Connect server button.
The LDAP server settings window opens.
- Specify the following mandatory settings in the form fields:
  - Web address (URL) of your company's LDAP server.
    The web address of the LDAP server is specified as follows: ldap://<host>:<port>. For example: ldap://ldap.example.com:389.
  - Base distinguished name: in the context of an LDAP name, this is the name that uniquely identifies and describes a record of the LDAP directory server.
    For example, the base distinguished name for example.com is dc=example, dc=com.
  - User authorization filter: in the context of an LDAP search, this is a filter that generates a user authorization request and indicates where to start searching for a user in the Active Directory catalog tree.
    The filter for user authorization must be specified as follows: sAMAccountName=%s,ou=Accounts.
  - Group filter for defining the group search settings in Active Directory.
  - User filter for defining the user search settings in Active Directory.
- Under Base schema, specify the values of the following attributes and classes of objects:
  - Object class is the type of object to search for.
  - Organizational unit class is the LDAP object class that identifies the object as a container object within the domain.
  - User class is the LDAP object class that identifies the object as a user.
  - Organization unit name is the attribute of a group that identifies its name.
  - Group class is the class that identifies the LDAP object as a group.
  - Distinguished name attribute is the unique distinguishing name of the record.
- Under User settings, specify the values of the following object attributes:
  - User first name attribute.
  - User lastname attribute.
  - Group name attribute.
  - User username attribute.
    When authorizing with a user account, the username may need to be specified together with the realm in the following format: <username@realm>, for example, user@example.com.
  - User password.
  - Group member.
  - User email attribute.
  - User member of.
- Click the Save button above the form for LDAP server integration data.
- To verify that the values were filled in correctly, click the Test connection button above the form for LDAP server integration data.
Kaspersky Container Security will display a notification informing you of the successful connection to the LDAP server or a failure to establish the connection.
If the LDAP server certificate changes, reconfigure the integration.
You can use the configured integration when creating and assigning user roles.
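
The mandatory settings described above can be checked offline before they are saved. The following is an added example, not Kaspersky code: the function names are hypothetical, and both the acceptance of ldaps:// and the way the user authorization filter is split into a search filter and a container under the base distinguished name are assumptions about how the values are interpreted.

```python
# Added example, not Kaspersky code: offline sanity check of the mandatory values.
import re
from urllib.parse import urlsplit

# RFC 4515: characters that must be escaped inside a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a username so it cannot change the structure of the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def check_url(url):
    """Validate ldap://<host>:<port>; return (scheme, host, port)."""
    parts = urlsplit(url)
    # The page shows only ldap://; accepting ldaps:// here is an assumption.
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError("scheme must be ldap or ldaps")
    if not parts.hostname or parts.port is None:
        raise ValueError("host and port are both required")
    return parts.scheme, parts.hostname, parts.port


def split_dn(dn):
    """Split a DN on unescaped commas and check every part is attr=value."""
    rdns = [part.strip() for part in re.split(r"(?<!\\),", dn)]
    for rdn in rdns:
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError("malformed component: %r" % rdn)
    return rdns


def expand_auth_filter(template, base_dn, username):
    """Return (search filter, search base) for one login attempt.

    Assumption: the first component of the template is the match and the
    rest is a container relative to the base distinguished name.
    """
    if template.count("%s") != 1:
        raise ValueError("template needs exactly one %s placeholder")
    match, *container = split_dn(template)
    attr, _, placeholder = match.partition("=")
    if placeholder.strip() != "%s":
        raise ValueError("%s must be the value of the first component")
    search_filter = "(%s=%s)" % (attr.strip(), escape_filter_value(username))
    return search_filter, ",".join(container + split_dn(base_dn))
```

Run it against the values you intend to enter; a ValueError identifies the field to correct before using the Test connection button.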