If you're having trouble at any stage please contact us at support@skyformation.com. 

Preface

SkyFormation platform will try to enrich any identity information received by different modules by interacting with the Active Directory or LDAP server configured for it.

Few identity enrichment examples done by SkyFormation:

- In the cloud discover module SkyFormation will use the identity information to get from the AD/LDAP
  additional information about the user as its department, manager name, business email and more.

- In the cloud connectors module SkyFormation will use the user names ingested in the different cloud apps
  audit events, and will try to resolve the user name into its corporate identity in the LDAP/AD. In case
  such identity reconciliation occurred SkyFormation will send the corporate identity identifier in the
  resulted event (aka identity reconciliation)

Important note
The LDAP/AD integration described in this post is not used by SkyFormation to perform
authentication with the organization's AD/LDAP. To configure SkyFormation for AD/LDAP authentication please see: Configure the SkyFormation Authentication to Use LDAP 

Prerequisites

- Make sure the SkyFormation machine could communicate with the LDAP server

- Have the LDAP server name and port number to use 

- If your LDAP does not allow anonymous search you will need to get a LDAP user and password
  that would be used by the SkyFormation application for LDAP search/enrichment needs 

Step

- Login to the SkyFormation application

- Go to SETTING->LDAP INTEGRATION page

- Press EDIT

- Change the Enable from No to Yes

- Fill in the following information at the "General Settings" section

  () User-Filter
      Insert the name of the LDAP person object class (e.g. objectClass=person)

  () Manager-Mapped-Attribute
      The LDAP attribute type used to map the user to her manager (e.g. user-dn-attr)

  () User-Dn-Attr
      The LDAP attribute name used to keep the user's DN (e.g. DN)

  () User-Id-Attr
     The LDAP attribute name used to keep the user's unique identifier (e.g. employeeNumber)

  () User-Username-Attr
      The LDAP attribute name used to keep the user's user name (e.g. uid)

  () User-Fullname-Attr
      The LDAP attribute name used to keep the user's full name (e.g. cn)

  () User-Email-Attr
      The LDAP attribute name used to keep the user's email address (e.g. mail)

  () User-Phone-Attr
      The LDAP attribute name used to keep the user's phone number (e.g. telephoneNumber)

  () User-Manager-Attr
      The LDAP attribute name used to hold the user's manager name (e.g. manager)

  () User-Department-Attr
      The LDAP attribute name used to hold the user's department name (e.g. ou)

  () User-Role-Attr
      The LDAP attribute name used to hold the user's Role (e.g. ou)

  () Photo
      The LDAP attribute name used to hold the user's photo (e.g. thumbnailPhoto)

- Fill in the following information at the "Connection settings for domain:" section

  () Domain name
      The name of the LDAP domain name (e.g. myorg) 

  () Base search
      The DN to start the users search from (e.g. dc=myorg,dc=com)

  () URL
      The LDAP server URL and port number to use (e.g. ldap://myldapserver.com:10389)

  () Use SSL
      If you are using LDAPS above change to Yes. Otherwise leave as No

      Also make sure you have completed the following step to support LDAPS integration:
      Adding a SSL Certificate to the SkyFormation Trusted Certificates Store

  () Requires Authentication
      If your LDAP server does not allow anonymous search change to Yes. If not leave NO

  () Login DN
      The DN of the user to be used for the LDAP search (e.g. uid=djohn,ou=people,dc=myorg,dc=com)

  () Password
      The password of the user to be used for the LDAP search (e.g. secret)

- Press SAVE

Done