LDAPS is commonly employed in scenarios where secure authentication and directory services are required, such as in enterprise environments for managing user accounts, permissions, and other directory-related tasks.
LDAPS stands for Lightweight Directory Access Protocol (LDAP) over Secure Socket Layer (SSL) or Transport Layer Security (TLS). LDAP is a protocol used for accessing and maintaining directory information services, which can include information about users, groups, and other resources in a network.
When LDAPS is used, it means that the communication between the LDAP client (such as an application or server) and the LDAP server is secured using TLS. This adds a layer of encryption to the LDAP communication, ensuring that sensitive information exchanged between the client and server is protected from eavesdropping and tampering.
LDAPS is commonly employed in scenarios where secure authentication and directory services are required, such as in enterprise environments for managing user accounts, permissions, and other directory-related tasks. It provides a more secure way to transmit sensitive directory information compared to regular, non-secured LDAP.
5.1.2 Azure LDAP/AD Integration
To configure Myota bucketZero Workspace navigate to Administration Settings > LDAP/AD integration from the menu. Configure using the following examples as required by your Service Provider.
You must create the LDAPS services your Azure Portal when configuring the LDAP for bucketZero Workspace. Note* The UUID must match the ObjectID, this must be configured in your Azure Portal when using LDAPS.
LDAP/AD Integration Server Tab > Add a server by selecting the + sign.
Server
Host
- ldaps://ldaps.domain.com
- Note* LDAPS requires a certificate, it is recommended that you consult your Certificate Authority (CA) or IT team for specific recommendations such as certificate lifespan and level of encryption.
- Port 636
- Note that you can attempt to auto-detect the server’s port, if Myota cannot detect this you must enter them manually.
User DN
- Account Name ldaps@domain.com
Password
- Apply the account password
One Base DN per line
- dc=domain,dc=com
- Note that you can attempt to auto-detect the Base DN, if Myota cannot detect this you must enter them manually.
Users
Edit LDAP Query
- (|(memberof=cn= ADMINS,ou=Users,o=ID,dc=domain,dc=com))
Expert
The Myota bucketZero Workspace generates a UUID be default, to align this UUID to the expected values for the claims and objects you must override the UUID by selecting the Expert option and adding the value (userPrincipalName) to the Internal Username Attribute field as shown in the image.
Login Attributes
LDAP Filter:
(&(&(|(objectclass=person))(|(|(memberof=CN=Domain Users,OU=Admin Users,DC=domain,DC=com)(primaryGroupID=XXXX))))(|(samaccountname=%uid)(|(mailPrimaryAddress=%uid)(mail=%uid))))
Groups