Follow this document as a reference for all LDAP-based Identity Providers, including
- Active Directory
- LDAP server
Active Directory and FreeIPA have a prebuilt configuration in TRASA and are available in the Identity Provider menu.
To test LDAP binding outside of TRASA, you can use ldapsearch on Linux systems or
the ldap.exe tool found on Windows Server (under the LDAP server configuration panel).
There are two things needed when integrating TRASA with an LDAP server:
- An LDAP service account for binding (authentication)
- A user group in the LDAP server. TRASA will import users from this group.
Note that TsxVault must already be initialized and in an unsealed state.
1. Create New Identity Provider
2. Configure Identity Provider
- Server Domain - IP or the domain name where the LDAP server is hosted. We have used IP
- LDAP DN - usually the LDAP base under which users can be queried. We have used CN=Users,DC=trasatest,DC=internal as the base user DN here.
- Service Account Name - Service account name used to authenticate (aka bind) to LDAP. Any user account with rights to query the LDAP server can be used here, but as a better security option, always create and use a separate service account for this purpose. We have used serviceaccount as the LDAP user here.
- Service Account Password - Password for the above service account.
3. Import Users from LDAP server
Provide the full path (DN) of the LDAP user group. As an example, here we have used user group name
If all went well, users from the LDAP group will be imported into TRASA. Users can then use the same LDAP credentials to authenticate themselves in TRASA.
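A pre-flight check for the two prerequisites above (a service-account bind and an enumerable user group), as an added example that is not TRASA's own code: it builds the ldapsearch invocation you would run outside TRASA, escapes the group DN so it cannot change the filter's structure, and parses the resulting LDIF while rejecting any entry outside the configured base DN. The host, the service account's full DN, the group DN and the sample LDIF are assumed placeholders.

```python
import re
import shlex

BASE_DN = "CN=Users,DC=trasatest,DC=internal"                    # from the page
BIND_DN = "CN=serviceaccount,CN=Users,DC=trasatest,DC=internal"  # assumed full DN
GROUP_DN = "CN=trasa-users,CN=Users,DC=trasatest,DC=internal"    # hypothetical group


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping: a DN or name used as a filter value stays a value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def member_filter(group_dn: str) -> str:
    """Active Directory-style filter: users whose memberOf contains the group."""
    return "(&(objectClass=user)(memberOf=%s))" % escape_filter_value(group_dn)


def ldapsearch_command(host: str, bind_dn: str, base_dn: str, group_dn: str) -> str:
    """ldapsearch line equivalent to TRASA's import; -W prompts for the password."""
    args = ["ldapsearch", "-x", "-H", "ldap://%s" % host, "-D", bind_dn, "-W",
            "-b", base_dn, member_filter(group_dn), "sAMAccountName"]
    return " ".join(shlex.quote(a) for a in args)


def parse_members(ldif: str, base_dn: str) -> list[str]:
    """Return the sAMAccountName of every entry; refuse entries outside base_dn."""
    base = base_dn.lower()
    members = []
    for entry in re.split(r"\n\s*\n", ldif.strip()):
        attrs = dict(re.findall(r"^(\w+): (.*)$", entry, re.M))
        if "dn" not in attrs:          # skips ldapsearch's "search:"/"result:" trailer
            continue
        dn = attrs["dn"].lower()
        if dn != base and not dn.endswith("," + base):
            raise ValueError("entry outside base DN: " + attrs["dn"])
        members.append(attrs["sAMAccountName"])
    return members


# Constructed LDIF, shaped like ldapsearch output for two group members.
SAMPLE_LDIF = """\
dn: CN=alice,CN=Users,DC=trasatest,DC=internal
sAMAccountName: alice

dn: CN=bob,CN=Users,DC=trasatest,DC=internal
sAMAccountName: bob

search: 2
result: 0 Success
"""

if __name__ == "__main__":
    print(ldapsearch_command("10.0.0.5", BIND_DN, BASE_DN, GROUP_DN))
    print(parse_members(SAMPLE_LDIF, BASE_DN))
```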