If you're having trouble at any stage please contact us at support@skyformation.com.
Preface
The SkyFormation platform enriches any identity information received by its different modules by querying the Active Directory or LDAP server configured for it.
A few examples of the identity enrichment SkyFormation performs:
- In the cloud discovery module, SkyFormation uses the identity information to fetch additional information about the user from the AD/LDAP, such as department, manager name, business email and more.
- In the cloud connectors module, SkyFormation takes the user names ingested from the audit events of the different cloud apps and tries to resolve each user name to its corporate identity in the LDAP/AD. When such a match is found, SkyFormation includes the corporate identity identifier in the resulting event (this is known as identity reconciliation).
Important note
The LDAP/AD integration described in this post is not used by SkyFormation to authenticate against the organization's AD/LDAP. To configure SkyFormation for AD/LDAP authentication, please see: Configure the SkyFormation Authentication to Use LDAP
Prerequisites
- Make sure the SkyFormation machine can communicate with the LDAP server
- Have the LDAP server name and port number ready
- If your LDAP server does not allow anonymous search, obtain an LDAP user and password that the SkyFormation application will use for its LDAP search/enrichment needs
Steps
- Log in to the SkyFormation application
- Go to the SETTING->LDAP INTEGRATION page
- Press EDIT
- Change Enable from No to Yes
- Fill in the following information in the "General Settings" section
  - User-Filter: the LDAP person object class to filter on (e.g. objectClass=person)
  - Manager-Mapped-Attribute: the LDAP attribute type used to map the user to her manager (e.g. user-dn-attr)
  - User-Dn-Attr: the LDAP attribute name that holds the user's DN (e.g. DN)
  - User-Id-Attr: the LDAP attribute name that holds the user's unique identifier (e.g. employeeNumber)
  - User-Username-Attr: the LDAP attribute name that holds the user's user name (e.g. uid)
  - User-Fullname-Attr: the LDAP attribute name that holds the user's full name (e.g. cn)
  - User-Email-Attr: the LDAP attribute name that holds the user's email address (e.g. mail)
  - User-Phone-Attr: the LDAP attribute name that holds the user's phone number (e.g. telephoneNumber)
  - User-Manager-Attr: the LDAP attribute name that holds the user's manager name (e.g. manager)
  - User-Department-Attr: the LDAP attribute name that holds the user's department name (e.g. ou)
  - User-Role-Attr: the LDAP attribute name that holds the user's role (e.g. ou)
  - Photo: the LDAP attribute name that holds the user's photo (e.g. thumbnailPhoto)
- Fill in the following information in the "Connection settings for domain:" section
  - Domain name: the name of the LDAP domain (e.g. myorg)
  - Base search: the DN from which to start the user search (e.g. dc=myorg,dc=com)
  - URL: the LDAP server URL and port number to use (e.g. ldap://myldapserver.com:10389)
  - Use SSL: if the URL above uses LDAPS, change to Yes; otherwise leave as No. Also make sure you have completed the following step to support LDAPS integration: Adding a SSL Certificate to the SkyFormation Trusted Certificates Store
  - Requires Authentication: if your LDAP server does not allow anonymous search, change to Yes; otherwise leave as No
  - Login DN: the DN of the user to be used for the LDAP search (e.g. uid=djohn,ou=people,dc=myorg,dc=com)
  - Password: the password of the user to be used for the LDAP search (e.g. secret)
- Press SAVE
Done
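As an added example (not SkyFormation's own code), the following Python script models what the settings above drive: it builds the search filter from User-Filter and User-Username-Attr with the ingested user name properly escaped, checks the connection settings for the inconsistencies that typically break the integration (ldaps:// URL with Use SSL left at No, Requires Authentication set without a Login DN and Password), and maps a directory entry to the corporate identity fields the enrichment produces, following the manager DN to the manager's record. The GeneralSettings and ConnectionSettings classes, the check_connection function and the DIRECTORY records are constructed for illustration and reuse the myorg values from the article.

```python
# Added example, not SkyFormation code. Settings defaults, DNs and DIRECTORY entries
# are constructed to mirror the myorg examples in the article.
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit

@dataclass
class GeneralSettings:
    """Attribute names from the "General Settings" section."""
    user_filter: str = "objectClass=person"
    user_id_attr: str = "employeeNumber"
    user_username_attr: str = "uid"
    user_fullname_attr: str = "cn"
    user_email_attr: str = "mail"
    user_phone_attr: str = "telephoneNumber"
    user_manager_attr: str = "manager"   # holds the manager's DN (Manager-Mapped-Attribute = user-dn-attr)
    user_department_attr: str = "ou"
    user_role_attr: str = "ou"

@dataclass
class ConnectionSettings:
    """Values from the "Connection settings for domain:" section."""
    domain: str = "myorg"
    base_search: str = "dc=myorg,dc=com"
    url: str = "ldap://myldapserver.com:10389"
    use_ssl: bool = False
    requires_auth: bool = False
    login_dn: str = ""
    password: str = ""

def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping: a user name taken from a cloud-app audit event must not be
    able to change the structure of the search filter it is embedded in."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value)

def build_user_lookup_filter(g: GeneralSettings, username: str) -> str:
    """Combine User-Filter with a User-Username-Attr match for one ingested user name."""
    base = g.user_filter.strip()
    if not base.startswith("("):
        base = f"({base})"
    return f"(&{base}({g.user_username_attr}={escape_filter_value(username)}))"

def check_connection(c: ConnectionSettings) -> List[str]:
    """Return the inconsistencies to fix before pressing SAVE (constructed checks)."""
    issues = []
    parts = urlsplit(c.url)
    if parts.scheme not in ("ldap", "ldaps"):
        issues.append(f"URL scheme must be ldap:// or ldaps://: {c.url!r}")
    elif parts.scheme == "ldaps" and not c.use_ssl:
        issues.append("URL is ldaps:// but 'Use SSL' is No")
    elif parts.scheme == "ldap" and c.use_ssl:
        issues.append("'Use SSL' is Yes but URL is ldap:// (use ldaps:// for LDAPS)")
    if c.requires_auth and not (c.login_dn and c.password):
        issues.append("'Requires Authentication' is Yes but Login DN or Password is empty")
    if "=" not in c.base_search:
        issues.append(f"Base search does not look like a DN: {c.base_search!r}")
    return issues

# Constructed directory entries standing in for what a search under the base DN returns.
Entry = Dict[str, List[str]]
DIRECTORY: Dict[str, Entry] = {
    "uid=djohn,ou=people,dc=myorg,dc=com": {
        "objectClass": ["person"], "employeeNumber": ["1001"], "uid": ["djohn"],
        "cn": ["Dan John"], "mail": ["djohn@myorg.com"], "telephoneNumber": ["+1-555-0100"],
        "manager": ["uid=asmith,ou=people,dc=myorg,dc=com"], "ou": ["Finance"],
    },
    "uid=asmith,ou=people,dc=myorg,dc=com": {
        "objectClass": ["person"], "employeeNumber": ["1000"], "uid": ["asmith"],
        "cn": ["Ann Smith"], "mail": ["asmith@myorg.com"], "ou": ["Finance"],
    },
}

def _first(entry: Entry, attr: str) -> str:
    return (entry.get(attr) or [""])[0]

def find_user(directory: Dict[str, Entry], g: GeneralSettings, username: str) -> Optional[Tuple[str, Entry]]:
    """Stand-in for the LDAP search: match the person object class and the username attribute."""
    oc_attr, _, oc_value = g.user_filter.strip("()").partition("=")
    for dn, entry in directory.items():
        if oc_value in entry.get(oc_attr, []) and username in entry.get(g.user_username_attr, []):
            return dn, entry
    return None

def enrich(directory: Dict[str, Entry], g: GeneralSettings, username: str) -> Optional[Dict[str, str]]:
    """Resolve a cloud-app user name to its corporate identity (identity reconciliation)."""
    hit = find_user(directory, g, username)
    if hit is None:
        return None  # no reconciliation: the event keeps only the cloud-app user name
    dn, entry = hit
    manager = directory.get(_first(entry, g.user_manager_attr), {})  # manager attr holds a DN
    return {
        "dn": dn,
        "id": _first(entry, g.user_id_attr),
        "username": username,
        "fullname": _first(entry, g.user_fullname_attr),
        "email": _first(entry, g.user_email_attr),
        "phone": _first(entry, g.user_phone_attr),
        "department": _first(entry, g.user_department_attr),
        "role": _first(entry, g.user_role_attr),
        "manager": _first(manager, g.user_fullname_attr),
    }
```

Running check_connection on the defaults returns no issues; with the URL changed to ldaps://myldapserver.com:10636 and Use SSL left at No it reports the mismatch, which is the case the "Use SSL" step and the trusted certificate store step exist to catch. The escaping in build_user_lookup_filter matters because the user names come from cloud-app audit events rather than from an administrator.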