Global Security Configuration

Active Directory Configuration Documentation

Overview

The Active Directory Configuration section in this application allows administrators to set up how the application communicates with Active Directory (AD) using LDAP. This configuration is crucial for ensuring secure and efficient access to directory services.

Configuration Options

1. LDAPS (Service account authenticated - Recommended)

This is the most secure method for connecting to Active Directory. It uses LDAP over SSL (LDAPS) and requires a service account with the necessary permissions.

  • Username: Enter the username of the service account in the format username@domain.com or domain.com\username

  • Password: Enter the password for the service account.

Using this method ensures that all data transmitted between the client and the LDAP server is encrypted and protected. This is the recommended option for most environments.

2. LDAPS (Current account - Optional)

If the credentials section is left blank, the connection will be made using the current account. This method also ensures a secure connection through the use of an SSL certificate (LDAPS).

  • Username: Leave this field blank if you want to use the current logged-in account.

  • Password: Leave this field blank if you want to use the current logged-in account.

This option can be useful if the current account already has the necessary permissions and you prefer not to use a separate service account.

3. LDAP (Insecure - Fallback)

If neither a secure connection nor anonymous LDAPS is successful, the application will try a basic LDAP connection, which is unencrypted.

Warning: This is the least secure option and should only be used as a last resort. It is not recommended for production environments due to the lack of encryption, which could expose sensitive information.

Steps to Configure Active Directory

  1. Enter Credentials: If using the "LDAPS with a service account" option, enter the service account's username and password.

  2. Test Connection: Click the Test button to verify that the application can successfully connect to Active Directory using the provided configuration.

  3. Save Configuration: Once the connection test is successful, click OK to save the configuration. If you wish to discard changes, click Cancel.

Example

For a secure connection using a service account:

Additional Notes

  • Always prefer the "LDAPS with a service account" method for enhanced security.

  • Regularly update the service account password and keep it secure.

  • Ensure that the service account has the necessary permissions in Active Directory to perform required operations.

Troubleshooting

  • Connection Failed: If the connection test fails, check the username and password. Ensure that the service account has the correct permissions and that the AD server is reachable.

  • SSL Issues: If using LDAPS, ensure that the SSL certificate is correctly installed and trusted by the client machine.
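
To check the LDAPS path independently of the application (for the Connection Failed and SSL Issues items above), the following PowerShell script is an added example, not part of the application or its documentation. It validates the server certificate against the client machine's trust store, then binds over port 636 as the service account or, when no credential is supplied, as the current account; the host name dc01.example.com is a placeholder assumption.

```powershell
# Added example: verify LDAPS (TCP 636) from the client machine.
# Assumption: dc01.example.com is a placeholder for your domain controller's FQDN.
param(
    [string]$Server = 'dc01.example.com',
    [pscredential]$Credential   # omit to bind as the current logged-in account
)

Add-Type -AssemblyName System.DirectoryServices.Protocols

# Step 1: TLS handshake using the machine's trust store. AuthenticateAsClient
# throws if the certificate is untrusted, expired, or does not match $Server.
$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $tcp.Connect($Server, 636)
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
    $ssl.AuthenticateAsClient($Server)
    $cert = $ssl.RemoteCertificate
    Write-Host "TLS OK: $($cert.Subject), expires $($cert.GetExpirationDateString())"
}
catch {
    throw "LDAPS certificate or connectivity problem: $($_.Exception.Message)"
}
finally {
    if ($ssl) { $ssl.Dispose() }
    $tcp.Dispose()
}

# Step 2: LDAPS bind. There is deliberately no retry on port 389, so a
# failure here is reported instead of being hidden by an unencrypted fallback.
$id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Server, 636)
$ldap = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
$ldap.SessionOptions.ProtocolVersion   = 3
$ldap.SessionOptions.SecureSocketLayer = $true
$ldap.AuthType = [System.DirectoryServices.Protocols.AuthType]::Negotiate
if ($Credential) { $ldap.Credential = $Credential.GetNetworkCredential() }
try {
    $ldap.Bind()
    $who = if ($Credential) { $Credential.UserName } else { "$env:USERDOMAIN\$env:USERNAME" }
    Write-Host "LDAPS bind OK as $who"
}
catch {
    throw "LDAPS bind failed: $($_.Exception.Message)"
}
finally { $ldap.Dispose() }
```

Pass the service account with `-Credential (Get-Credential)` so the password is prompted for rather than stored in the script or shell history.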

By following these instructions, you can securely configure the application to communicate with Active Directory using LDAPS.